Online retailers are feeling the pain of spam. 


Software auditors coming? Don’t panic. Push back! 
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After 


Regional Power Failure 


Disaster recovery plans put to the 
test; users report resilient systems | 


BY LUCAS MEARIAN 


When the power went out in Manhattan late 
Thursday afternoon, the stock markets had al- 
ready closed. But the crucial trade-settlement 
system that uses thousands of batch-processing 
computers around New York City to clear bil- 
lions of dollars in trades had just come to life. 
Diesel generators at brokerage, bank and 
| clearinghouse data centers around Manhattan 


ClOs, experts cite urgent need 
for U.S. infrastructure upgrade 


| BY DAN VERTON 

| On the morning after last week’s blackout, 
power company CIOs and utilities experts said 
similar or more catastrophic failures are possi- 
ble if the industry and government fail to devel- 
op more modern control systems. 

| “It’s not just bigger servers or better data- 

| bases that we need,” said Ali Jamshidi, vice 
president and CIO of First Energy Corp. in 


Akron, Ohio. “We just don’t have 
the analytical tools that can do 
analysis on a real-time basis and 
that are predictive vs. reactive. 


and New Jersey kicked in, and IT 
departments said that they were 
far better prepared for what most 
called a simple power outage than 


eC Sion) 
about the power outage, 


Delta's IT 


Patching Becoming a Major 
Resource Drain for Companies 


TEST PILOT 


Delta's new low-fare airline, called 
Song, has an impressive array of 
technologies for boosting customer 
service. Just as important, it serves 
as a testbed for new IT and produc- 
tivity concepts that the parent com- 
pany can use. PAGE 37 
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Users, page 53 


Need to stay on top of 
threats such as Blaster 


| poses burden to users 


| BY JAIKUMAR VIJAYAN 
Last week’s W32.Blaster worm, 


which affected thousands of 
computers worldwide running 
Windows operating systems, 
highlighted the enormous 
challenge companies face in 
keeping their systems up to 
date with patches for vulnera- 
bilities, users said. 

Companies that, ahead of 
Blaster’s rampage, had in- 
stalled Microsoft Corp.’s patch 
for a flaw identified last month 
said they felt no effect from 
the worm. But the seemingly 
constant work involved in 
guarding against such worms 
is becoming a burden that 
could prove unsustainable 


over time, users said. 

“The thing about patching is 
| that it is so darn reactive. And 
that can kill you,” said Dave 
Jahne, a senior security ana- 
lyst at Phoenix-based Banner 
Health System, which runs 22 
hospitals. 

“You need to literally drop 

Blaster, page 15 


BY PATRICK THIBODEAU 
ATLANTA 

Harold Weiss, a senior sys- 
tems engineer at Baptist 
Memorial Health Care Corp. 
in Memphis, is convinced that 
utility computing can save him 
money. Storage demand for 
the network of 17 hospitals is 
increasing continuously and 
prompting capacity purchases 








Frankly, the tools that are available 
are just not robust enough.” 


Systems, page 53 
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Maryfran Johnson on ‘Untrust- 
worthy Computing.’ 


Federal agencies say they were 
unscathed by Blaster. 


Users Mull On-Demand Model 


well in advance of need, he 
said. 

With an on-demand model, 
“I could have everything in 
place, and when I need it, [the 
vendor] would turn it on,” said 
Weiss. He said he believes this 
Pay-as-you-go computing 
model could cut his storage 
costs by about 20%. 

On-Demand, page 6 
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Now, you can deliver consistent information across your business. 
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Make your IT team and users more productive. 
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See how you can drive performance. 
Read about Breakthrough Reporting at: 


ORR Mirage cil 


Copyright © 2003 Cognos Incorporated. All rights reserved. 





COGNOS REPORTNET 
WORLDWIDE LAUNCH 
9 Sep New York, NY 

9 Sep London, England 


9 Sep Paris, France 


9 Sep San Jose, CA 
9 Sep Chicago, IL 
9 Sep Frankfurt, Germany 
& 9 Sep Amsterdam, Netherlands 


Join us online at 


www.cognos.com/reportnet/events. 
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CRM: Ready or Not? 


In the Management section: Read this excerpt 
from The CRM Project Management Handbook to 
help you decide if your company is ready to take 
on a CRM project. Page 40 
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RFID Tunes Into Supply Chains 

In the Technology section: Retailers are experimenting 
with RFID tags as an alternative to bar codes, but the 
technology’s tags, readers and software still need plen- 
ty of work. Page 23 
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faces an uphill battle against 
Intel’s Itanium, despite IBM’s 
adoption. 


Carnival Cruise Lines plans 
to deploy a system to remote- 
ly manage 4,000 PCs on land 
and aboard its ships. 


Content management appli- 
cation frees up IT staff at Dol- 
lar Rent A Car for develop- 
ment work. 


Electronic retailers say their 
legitimate e-mail is getting 
lost in the flood of spam. 


Navy contract is intended to 
securely integrate thousands 
of old applications into the 

Navy/Marine Corps Intranet. 


Storage vendors combine 
disk arrays with tape libraries 
to increase backup reliability. 


HP and Hitachi say they'll 
jointly offer disaster recovery 
and business continuity sys- 
tems and services. 


Boscov’s Department Store 
uses a new product to boost 
the efficiency of Linux virtual 
server deployment. 


Windows Update patch man- 
agement program is faulty, 
claims one expert. 


Mohegan Sun casino bets on 
funds transfer and blackjack 
surveillance technology. 


The former Soviet Union’s 
pool of skilled workers draws 
R&D interest from the U.S. 


: 28 Corralling Security Data. As 


security devices proliferate, 
administrators face the chal- 
lenge of collecting and corre- 
lating the resulting data. 
Here’s how they’re coping. 


: 30 Future Watch: New Spin for 


Electronics. Call it the ulti- 
mate in spin control: IBM’s 
spintronics technology is al- 
ready increasing hard-disk 
storage capacities, but its ap- 
plication in semiconductors 
may eventually create a world 
where storage and memory 
are one and the same. 


: $2 Security Manager's Journal: 


Faulty Rules Foul Router 
Protection. Human error is to 
blame when a faulty router 
rule base leaves Vince’s cor- 
porate LAN open to denial- 
of-service attacks. 
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: 37 Delta’s IT Test Pilot. Delta’s 


new low-fare airline, called 
Song, is using technology to 
cut costs and boost revenue 
and operational efficiency. 


: 42 Don’t Panic, Push Back. The 
. best thing to do in the face of 
a looming software audit is to 
push back and negotiate with 
the vendor on your terms. 
The worst thing to do is give 
in to demands without a fight. 


: 44 Q&A: Newsmaker. Business 


Technology Partners’ Joshua 
Aaron offers tips from his ex- 
perience working in the niche 
market of corporate facilities 
design and relocation. 


discovers that India’s role as 
the leading locale for out- 
sourcing may be in jeopardy. 
The next hot destination? The 
Middle East. 


20 Maryfran Johnson wonders 
why IT management contin- 
ues to suffer the relentless 
security problems of Micro- 
soft Windows. 


20 Pimm Fox shares three sound 
suggestions for designing and 
building applications that can 
be integrated with others. 


Michael Gartenberg debunks 
old ways of thinking about 
Apple’s Macintosh systems 
and suggests they work well 
in most IT environments. 


34 Dan Mezick says program- 
ming jobs may be going over- 
seas, but the role of collabora- 
tive development manager is 
likely to remain stateside. 


44 Alan MacCormack says “free” 
software isn’t always free, and 
simple TCO analysis doesn’t 
reveal the underlying costs. 


54 Frankly Speaking: Frank 
Hayes is glad that UCITA is 
finally, truly, completely dead. 
But he says we still need a 
good UCITA law to replace it. 
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How to Plan Your Backup Strategy 


STORAGE: Backups are probably the most es- 
sential component of any corporate network, 
and they are often done wrong. But it’s not 
difficult to get your backup strategy right. 

© QuickLink 40585 


HIPAA vs. McDonald's: 
Food for Thought 


SECURITY: Health care companies that want 
to avoid trouble over HIPAA compliance can 
learn from the infamous McDonald’s hot- 
coffee lawsuit, says TruSecure Corp. attor- 
ney Marne E. Gordan. @ QuickLink 40078 


Real-Time Feedback 

DEVELOPMENT: Advice for managers on how 
to provide clear, specific and timely feedback 
to help people do their best. 

© QuickLink 40526 


StoreAge Relies on 

Out-of-Band Virtualization 
STORAGE: Faced with an expanding list of 
competitors, StoreAge is counting on the 
technical prowess of its Storage Virtualiza- 
tion Manager, writes analyst Barb Goldworm 


in this vendor profile for SNW Online. 
© QuickLink 40570 


Hands on: A Close-up Look at 

Mac OS X’s NetBoot 

OPERATING SYSTEMS: IT professional Ryan 
Faas takes a look at how NetBoot can be used 
to start up client machines from a network 
disk image. @ QuickLink 40606 
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GAO Points to Legal 
Office’s Lax Security 


A General Accounting Office re- 
port released last week said the 
Executive Office for United States 
Attorneys never conducted a risk 
assessment before initiating a 
virtual private network (VPN) be- 
tween its various offices and the 
Justice Department's main data 
center. The VPN was replaced 
last month. In addition, firewall 
logs have been ignored at many 
office locations, the GAO said. 


SCO’s Revenue Up 


Buoyed by new revenue for Unix 
licensing fees for enterprise 
users, The SCO Group Inc. un- 
veiled third-quarter net income of 
$3.1 million, compared with a net 
loss of $4.5 million for the same 
quarter last year. SCO said it 
earned $20.1 million in revenue 
for the quarter that ended July 
31. That figure includes $12.8 
million from sales and support of 
its Unix operating systems and 
$7.3 million from the company’s 
SCOsource licensing initiative. 


Microsoft Reveals 
Project 2003 Prices 


Microsoft Corp. has set pricing 
for Project 2003 and plans to re- 
lease the project planning and 
management software to manu- 
facturing today. Project 2003 
will be available as a stand-alone 
desktop application, Project 
Standard 2003, priced at $599, 
and as the Microsoft Office En- 
terprise Project Management So- 
lution. The latter product includes 
Project Professional 2003, listed 
at $999, and Project Server 
2003, priced at $1,499. 


Short Takes 


PEOPLESOFT INC. expanded its 
lawsuit against ORACLE CORP., 
citing “extensive new facts” 
about Oracle’s alleged efforts to 
disrupt PeopleSoft’s relations 
with its customers. . . . i2 TECH- 
NOLOGIES INC. reported earnings 
of $1 million for the second quar- 
ter on revenue of $122 million. 





Continued from page 1 
On-Demand 


Weiss wasn’t alone in eye- 
ing capacity-on-demand pric- 
ing at HP World last week. 

Jason Munson, a Unix sys- 


| tems administrator at Cargill 


Inc. in Minneapolis, said on- 
demand computing may help 


his company meet processing 
needs that arise when he has 


to produce monthly, quarterly 
or annual reports. 

During those reporting 
periods, “[we] never seem to 
have enough capacity,” said 
Munson. “It doesn’t seem 
worth it to us to spend an ex- 
tra $2 million to $3 million to 
have that extra capacity all 
year. So on-demand comput- 
ing is certainly something 
that’s interesting.” 

The utility model is rela- 
tively new, but Brad Day, an 
analyst at Forrester Research 
Inc. in Cambridge, Mass., is 
projecting that by the end of 
2006, as many as 50% of For- 
tune 2,000 companies will be 
implementing “creative fi- 
nancing alternatives” such as 
on-demand computing. “It’s 
that compelling,” he said. 

Compelling, perhaps, but 
it may also be a difficult sell. 
In interviews with potential 
users last week, there was no 
shortage of questions raised 
about the complications of 
utility computing. 


Points to Consider 
One potential problem that 
may confront Jay Snow, a sys- 
tems administrator at the 
StairMaster division of The 
Nautilus Group Inc. in Van- 
couver, Wash., is related to the 
record-retention requirements 
of the Sarbanes-Oxley Act. His 
company relies heavily on 
Hewlett-Packard Co.’s propri- 
etary HP 3000, and even 
though HP 3000 support is 
scheduled to end in 2006, 
Snow said it may be easier for 
him to keep his records on 
those machines to meet the 
law’s requirements. And that 
would limit his ability to adopt 
on-demand computing. 

Snow also questioned the 
prudence of signing on-de- 
mand storage contracts based 





NEWS 


on current pricing, since fu- 
ture rates may provide better 
value. “Storage prices always 
seem to go down, and perfor- 
mance goes up,” he said. 

Another user, who spoke on 
condition of anonymity, is 
evaluating storage-on-demand 
options from a variety of ven- 
dors. He could sign a contract 
with one vendor but may face 
an expensive switch if a rival 
vendor subsequently releases 
a product that better meets his 
needs, he said. 

Indeed, Day said he believes 
a move to utility computing 
“becomes silently a vendor 
lock” for some users, in part 
because they get tied to a ven- 
dor’s accounting methods. 

IBM, meanwhile, said that 


| toy maker The Lego Co. has 


scrapped its HP systems in fa- 


What role will HP 


oer 


ttwill remain It will increase 
the same _ 


Itwill 
have 
no role 


BASE: 569 respondents to a survey of 
Encompass HP user group members. 
For more details, see our Web 
site: QuickLink a3540 


vor of IBM and its utility com- 
puting model [QuickLink 
40550]. The company’s an- 

| nouncement appeared to be 

| timed to coincide with the 
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first day of HP World. 

IBM’s sand-in-your-face an- 
nouncement drew wry smiles 
from HP executives, who indi- 
cated that they feel that turn- 
about is fair play and that such 
announcements can be ex- 
pected from HP in the future. 

Denmark-based Lego re- 
placed 230 HP servers with 
34 IBM servers. The server 
consolidation project, which 
involved a move to the utility 
model, will reduce IT costs 
by about 30%, said Hal Yar- 
brough, Lego’s global director 
of IT. 

Yarbrough said he sees no 
downside. IBM is “assuming 
the risk for the extra capacity 
that may or may not be used, 
from our perspective,” he said. 
“Tt’s quite attractive, and we 
do not see a risk.” D 


Despite IBM’s Adoption, AMD’s Opteron Faces Uphill Battle 


ATLANTA 


Advanced Micro Devices Inc.'s 
64-bit Opteron processor, a po- 
tential competitor to Intel Corp.'s 
Itanium, isn’t getting a particular- 
ly warm welcome. 

Of the top three enterprise 
systems vendors, only IBM in- 
tends to make Opteron-based 
systems available, and then only 
for users of niche high-perfor- 
mance and technical computing 
applications. 

At HP World here last week, 
Hewlett-Packard Co. officials 
said they have no plans to use 
Opteron and thereby help it 
compete against the 64-bit Itani- 
um, which HP co-developed 
with Intel. 

“It would just add a complica- 
tion that is completely unneces- 
sary,” said Peter Blackmore, ex- 
ecutive vice president of HP’s 


Clock Generator 


A diagram of AMD’s Opteron processor 


enterprise systems group. Under 
its “adaptive enterprise” strate- 
gy, HP maintains that users are 
more concerned with choice of 
operating systems and the ability 
to manage those systems as one 
than they are with the underlying 
processing technology. 

But not every HP user ap- 
proves of the Itanium-only strat- 
egy. “| think they should offer 
both,” said Bill Thompson, se- 
nior Unix systems administrator 
at The Goodyear Tire & Rubber 
Co. in Akron, Ohio. Thompson's 
company is interested in moving 
some 64-bit applications to Lin- 
ux, and he expects Opteron- 
based systems to be more eco- 
nomical than Itanium-based sys- 
tems. “So we would like to see 
[HP] go to AMD,” he said. 

Sun Microsystems Inc. also 
said it has no plans to offer 
Opteron-based 
systems. 

A key differ- 
entiator of 
AMD's Op- 
teron is its abil- 
ity to run 32- 
and 64-bit ap- 
plications on 
the same ma- 
chine, which 
proponents ar- 
gue can help 


ease a transition to 64-bit appli- 
cations. But high-performance 
users, not mainstream business 
customers, will be among the 
early adopters. 

AMD, in fact, announced last 
week that the Los Alamos Na- 
tional Laboratory has selected 
the Opteron for two Linux clus- 
ters, including one running 
2,800 processors. 

IBM, which decided earlier 
this month to begin offering 
Opteron-based systems, be- 
lieves that the high-performance 
market is “an excellent breeding 
ground” for the Opteron, said 
Debra Goldfarb, vice president of 
products and strategy at IBM 
Deep Computing. 

Whether Opteron becomes 
available on IBM's general-pur- 
pose business servers will de- 
pend on the market response and 
the availability of tools and appli- 
cations tuned for it, said Goldfarb. 
So far, there has been little indi- 
cation that anyone will be beating 
down the Opteron door. 

Charlie Jernigan, systems ad- 
ministrator at the General Board 
of Pensions and Health Benefits 
of the United Methodist Church 
in Evanston, lll., said the choice 
of processor is largely irrelevant. 
“It's just a tool,” he said. 

~ Patrick Thibodeau 





www.computerworld.com 


COMPUTERWORLD August 18, 2003 





NEWS 


Carnival Cruise Lines Piloting 


Remote Management of PCs 


Expects savings on upgrades, patches 





BY BOB BREWIN 
ARNIVAL CRUISE 
Lines Inc. plans to 
deploy a system to 
remotely manage 
and provision 4,000 PCs, in- 
cluding 1,200 installed on the 
company’s 19 ships, to elimi- 
nate the need to fly techni- 
cians to various ports of call 
to handle critical upgrades 
and fixes. 

Doug Eney, vice president 
for information systems engi- 
neering at Carnival Cruise 
Lines, a division of Carnival 
Corp. in Miami, said the re- 
mote PC management system 
from Waltham, Mass.-based 
On Technology Corp. will 
save him from “flying people 
around the globe” to perform 
upgrades to shipboard com- 
puters. 

Eney said he chose On 
Technology’s iCommand soft- 
ware over competing products 
such as Microsoft Corp.’s Sys- 
tems Management Server be- 
cause it met the demands of 
Carnival’s unique client/server 
architecture. 

Although Microsoft’s prod- 
uct could handle remote man- 
agement of PCs connected to 
a high-speed LAN, it can’t do 
the same for remote clients 
connected over slower links 
such as the C-band satellite 
system Carnival uses for its 
shipboard PCs, Eney said. 


Shared Bandwidth 

The satellite system provides 
Carnival with IMbit/sec. total 
bandwidth, but that’s shared 
among all the company’s 
ships. The effective data rate 
to and from each vessel is 
128Kbit/sec. 

Eney said Carnival has just 
completed a pilot of iCom- 
mand with 200 shore-based 
computers and will start to de- 
ploy the software throughout 
its network over the next year. 
Eney said the remote manage- 
ment software will provide 





Carnival with a good return on 
investment and a quick pay- 
back, but he declined to pro- 
vide specific financial details. 

Eney, in the midst of in- 
stalling patches to fight the 
Blaster worm (see story, Page 
One), said automated patch 
management is essential in a 
world where “you get once-a- 
day Microsoft patches.” Once 
the iCommand software is ful 
ly deployed, it will carry out 
the automated patch manage- 
ment function. 

The iCommand software 
will also help Carnival save 
time and money in migrating 
from one Microsoft operating 
system to another, Eney said. 

Phil Neray, vice president 





for marketing at On Technolo- 
gy, said the iCommand system 
includes a software console 
installed at Carnival that con- 
tains a database of all of the 
company’s PCs, their operat- 
ing systems and the applica- 


Brokerage Goes Offshore 
For Stock Quote System 


Project aims for 
straight-through 
trade processing 
BY LUCAS MEARIAN 
Institutional brokerage Pre- 
bon Yamane Inc. announced 
last week that it has complet- 
ed a three-month upgrade of a 
stock-quote management sys- 
tem that will provide it with 
internal straight-through pro- 
cessing of trades and elimi- 
nate paper from its global bro- 
kerage operations. 

Che new order management 
system, which was built by 
San Francisco-based Exigen 
Inc. using offshore developers, 
has tied a siloed legacy appli- 
cation that previously ran on 
seven servers into one central- 
ized system. 

Although the design and de- 
velopment took about 90 days, 
it will take another six months 
to integrate the new system 
with the existing network, 
which will eventually provide 


customers with real-time de- 
tailed order information. Jer- 
sey City, N.J.-based Prebon 
currently sends detailed trade 
information to its brokers in 
batches at the end of the day 
and uses fax and printed trade 
tickets, which requires order 
entry staff. 


RO! Expectations 

The new system, which runs 
on clustered Sun Solaris serv- 
ers, is expected to cut costs 
and add flexibility to sustain a 
variety of price distribution 
channels, said Jim Hilton, 
head of business planning and 
product management at Pre- 
bon. Hilton declined to pro- 
vide information on the cost 
of the project beyond saying 
that it totaled hundreds of 
thousands of dollars. 

The system is based on J2EE | 
technology with Java Message 
Service as the middleware. 

Hilton said he expects to 
recover the full cost of devel- 


| oping the new order manage- 


| 
tions running on each of them. 
When Carnival needs to do an | 
upgrade or install a patch, all 

an operator needs to do is 

drag and drop an icon of the 
software onto the icon of a PC 
on the screen. 


Carnival Cruise Lines 

expects easier upgrades after 
deploying a remote PC manage- 
ment system on its 19 ships 


ment system during the first 
full year that it’s in operation. 
“Our old distribution net- 
work is serial-based feeds, and 
we are creating an interface 
to make sure the new order 
management system [based 
on parallel feeds] can support 
the old serial-based feeds,” 





Hilton said. “We're interested 
in automating as much trade 
processing as we can.” 

The new order manage- 
ment system will eventually 
allow Prebon to put out more 
information about securities, 
such as payment date and 
trade history, to its more than 
1,000 institutional brokers 
around the world and allow 
for two-way interaction with 
them. 

“We weren't able to receive 
messages back over the old 
network,” Hilton said. 

Exigen used programmers 
in Eastern Europe to develop 
the order management appli- 
cation, in a process Hilton said | 
was remarkably smooth. 

Dirk Manelski, Exigen’s 
general manager of capital 
markets, said the greatest 
challenge to the project was 
reverse-engineering years- 


That action, in turn, sends 
the software package or patch 
to an “agent” on the remote 
device, which then installs it. 
Neray said a PC doesn’t even 
have to be on for the upgrade 
to be performed; the agent in- 
cludes a “wake-up” function 
that automatically turns the 
PC on when a patch is sent. 

Eney said his pilot project 
showed that rolling out iCom- 
mand in a heterogeneous com- 
puting environment is a chal- 
lenge. Though Carnival has 
standardized on PCs from Dell 
Inc. and Hewlett-Packard Co., 
neither the hardware nor key 
software components such as 
drivers are identical. That has 
at times complicated the use 
of the wake-up software. 

In such a complex environ- 
ment, Eney said, there’s “no 
such thing as instant gratifica- 
tion.” He recommended that 
any company seeking to use 
iCommand set up a good pilot 
and test plan before attempt- 
ing widespread deployment. D 


JUST THE FACTS 
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old systems in order to ex- 
tract the data to create the 
new system. 

Manelski said the project 
required senior technologists 
to be on the customer’s site to 
explain processes and com- 
municate needs to program- 
mers overseas. 

“The old model of doing 
vendor offshoring had been 
problematic because of time- 
zone and language issues and 
a lack of understanding of 
the domain,” he said. “We 
solved that with this dual- 
shore model.” D 
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BMC Expands 
Linux Support 


BMC Software Inc., which previ- 
ously supported consumer-grade | 
Linux distributions, last week 
announced that it now supports 
Red Hat Inc.’s Enterprise Linux 
2.1 and SuSE Linux AG’s Linux 
Enterprise Server 8 in several of 
its products, including Deploy- 
ment Manager for Linux Version 
1.2 and its SmartDBA database 
management tools. 


CSC Earnings, 
Revenue Up in Q1 
Computer Sciences Corp.’s (CSC) 
earnings and revenue grew in its 
first quarter, which ended July 4, 
thanks largely to strong sales to 
the U.S. federal government. 
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Microsoft Ordered 
To Pay $520M 


A jury in Chicago last week 
ordered Microsoft Corp. to pay 
$520.6 million in damages to 
Chicago-based Eolas Technol- 
ogies inc. and the University 

of California after finding that 
Microsoft's Web browser in- 
fringed on a patent. Eolas and the 
university accused Microsoft of 
improperly including technology 
in Internet Explorer that allows in- 
teractive content to be embedded 
in a Web site. Microsoft said it 
plans to appeal. 


Survey: ClOs Have 
Bigger Workloads 


0 of ClOs said their 
20) lg versa 
creased significantly 
in the past 12 months 
0 of ClOs said their 
ra 


creased somewhat 
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MARK HALL #®ON THE MARK 


IT Salaries Are Soaring 
12% to 15% a Year in... 


... Bangalore, India, which is making outsourcers there edgy about the 
country’s longtime position as the low-cost leader for skilled workers. 
Parmeet Chaddha, senior vice president in charge of offshore opera- 
tions at San Carlos, Calif.-based application service provider Corio 
Inc., worries that “the cost differential is shrinking” and that the Indi- 
an labor advantage will hold up for only another two to three years. 
Talking on his cell phone from a train rumbling into a New Delhi de- 
pot, he said companies that move IT operations offshore need to think 


more strategically about the reasons for 
doing so, such as offering “follow the 
sun” tech support to users. Corio Execu- 
tive Vice President John Ottman adds, 
“The basic game of moving labor hours off- 
shore is simplistic and short term.” # Brian 
Keane, CEO of Boston’s venerable appli- 
cation outsourcer Keane Inc., thinks In- 
dia’s mix of low labor costs, a computer- 
savvy workforce, English-language skills 
and a friendly legal envi- 
ronment for business 
will continue to give the 
nation an advantage for 
the foreseeable future. 
That’s why he does busi- 
ness there. Still, he says, 
“we are not making a 
country bet on India. 
We're already thinking 
ahead.” Well, what’s 
ahead? For Keane, South 
Africa and countries in 
the Middle East might be 
the next place for out- 
sourcers to find smart, 
low-cost workers. That 


releases this week its BMC Ser- 
vice Impact Manager (BSIM) 
and BMC Event Manager (BEM), 
which monitor how IT operations 
and performance directly affect 
discrete business operations. The 
TONE RLIL Ls cl eRe LT SU) 
business processes and alerts 
interested users and IT staff 
when the metrics for those proc- 
esses change. BSIM starts at 
$80,000, and BEM at $50,000. 


would suit Rudain Arafeh just fine. 
Arafeh, CEO of Configure Inc., a San 
Jose-based WAN consultancy, thinks U.S. 
companies should be taking a closer look at 
Egypt, Jordan, Lebanon and elsewhere in 
the region for outsourcing work. Coun- 
tries there have set up low-tax zones for 
foreign companies and have a surplus of 
trained, English-speaking technologists. 
| But Arafeh believes that it’s not only a 
good business decision, 
it’s smart global politics. 
“There are too many 
mostly well-educated 
young men with nothing 
to do over there. The 
byproduct of giving 
them jobs is to help the 
region,” he argues. It’s 
doubtful that any Ameri- 
can CEO will take up 
this “U.S. IT unemploy- 
ment for peace” cause. 
They'll do it just to save 
the bucks. But you never 
know. ® With the world 
competing for cushy 


in Houston 





www.computerworld.com 


US. IT jobs, you’d think that low-cost 
labor was your biggest concern. It’s not. 
Computers are. Task automation is a bigger 
threat to IT jobs. Corio’s Ottman says, “We 
want to automate labor out of the equa- 
tion as much as possible.” A competing 
ASP, Surebridge Inc. in Lexington, Mass., 
has an internal program called Project 55 
with the goal of running applications 55% 
less expensively than companies could 
do themselves. While offshore labor sav- 
ings are part of the difference, automa- 
tion can make a bigger difference. Ac- 
cording to CIO Mark Clayman, “We need 
to get policies and procedures in place to 
make every task automated.” It’s not too 
late to learn how to make lattes and cafe 
mochas. ® Or maybe you should just go to 
a smaller company. Laurence Bunin, CEO 
of Handshake Dynamics LLC, a New 
York-based management advisory firm, 
says, “The big trend in the midmarket is a 
dramatic shift to insourcing.” He says a 
number of $100 million to $1 billion com- 
panies found that the headaches and 
costs of managing outsourced projects 
sucked out all the savings from cheap Indian 
labor. Corio’s Chaddha points out that any 
deal with an Indian outsourcer needs to 
add back 15% to 25% of U.S. labor wage 
rates just to manage the complexity of 
the agreement. For a large company or an 
ASP that can spread the costs over many 
users, the management overhead isn’t as 
big a burden. But for midsize companies, 
it’s a pain. As a result, says Bunin, his 
clients are bringing their applications 
back in-house. And cost isn’t the only 
reason. For midsize companies, informa- 
tion management can be one of the 
biggest competitive advantages, as their 
application needs are highly specialized. 
That means offshore outsourcers are best 
used for commodity operations. Well, 
there’s a little light in the long, dark unem- 
ployment tunnel. D 





changes were needed, an IT 


on site construction. 
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Dollar Rent A Car Project 
Frees Staff for Web Work 


BY TODD R. WEISS 

In a move aimed at freeing up 
its IT workers, Dollar Rent A 
Car Inc. will enable its mar- 
keting department to make 
on-the-fly changes to its car 
rental Web site with new con- 
tent management software 


from Percussion Software Inc. 


Peter Osbourne, group 
manager of Internet and data 
warehousing at Tulsa, Okla.- 
based Dollar Thrifty Automo- 
tive Group Inc., the parent 


company of Dollar, said this is 
the first time that the Web site 
will include content manage- 
ment software intended to 
make updates easier. 

“Tt really allows my [IT] 
team to focus on pure devel- 
opment from the technical 
side,” Osbourne said, referring 
to the deployment of Stone- 
ham, Mass.-based Percussion’s 
Rhythmyx 5 Enterprise Con- 
tent Management software. 
| Previously, when Web site 








staffer got the job, taking him 
away from development work. 
Now marketing staffers will be 
able to add rental promotions 
and other pertinent informa- 
tion for vehicle rental custo- 
mers to keep the site updated. 
Key benefits of the Rhyth- 
myx 5 application are that 


| nontechnical people can use it 


to make site changes and that 
images can be reused easily 
from one Web page to anoth- 
er, Coniglio said. When an im- 
age is changed on one Web 
page, it’s changed automati- 
cally on all the other pages us- 
ing it, saving time and effort 





Another benefit is that the 
software is priced at about 
one-third the cost of compet- 
ing products, Coniglio said, 
though he declined to name 
other products Dollar consid- 
ered or how much it paid. But 
according to Percussion, pric- 
ing begins at $250,000 for a 
typical enterprise content 
management project. 

Dollar’s deployment of the 
content management system 
began early this month and 
will be completed next month, 
Osbourne said. The company 
will run the application on 
Windows 2000 Server. B 





The market is volatile. Consumer confidence is fickle. And you've got a business to run. Clearly, you need business systems that help 


you plan accordingly. SAP has more than 30 years’ experience helping companies run more efficiently, with everything from analytical tools 


that help you take decisive action to an open e-business platform that helps you get more value out of the systems you've already invested in 
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Electronic Retailers 
Hurt by Spam Flood 


Mailings that customers opt to receive 
are being blocked or going unread 





BY CAROL SLIWA 
BOSTON 
NEW YORK-BASED on- 
line jewelry retailer 
blasted an e-mail to 
customers with the 
subject line “Hot Summer 
Styles.” Even though the in- 
tended recipients had asked to 


receive mailings from the com- | 


pany, some 300,000 of them 
never saw it. 

The word hot apparently 
triggered filters that blocked 
the message from being deliv- 
ered, said Pinny Gniwisch, a 


founder of Ice.com. “The filters | 


are not smart,” he lamented. 
Many electronic retailers at 
last week’s eTail 2003 confer- 


ence here complained that 
they’re suffering from an anti- 
spam backlash even though 
they said they have opt-in 
mail policies and don’t spam 
anyone. 

Several electronic retailers 
said that in the past six 
months, they’ve found their 
marketing messages being 
increasingly blocked or fil- 
tered, or simply going unread 
by customers who are inun- 
dated with so much unwanted 
e-mail that they’re starting 
to tune out even legitimate 
communications. 

“This is the big battle- 
ground — getting your mail 
through,” said Daniel Gudema, 


Navy Taps Securify to 
Manage Legacy Apps Risk 


Contract aimed at 
integrating old 
apps with N/MCI 
BY DAN VERTON 
The U.S. Navy has awarded 
a $5.8 million contract that’s 
designed to help the service 
tackle one of its most pressing 
security challenges: integrat- 
ing thousands of legacy appli- 
cations into its multibillion- 
dollar Navy/Marine Corps 
Intranet (N/MCI) program. 
The two-year deal with 
Mountain View, Calif.-based 
Securify Inc., announced 
last week, will give the Navy 
unlimited use of Securify’s 
SecurVantage security man- 
agement product. The goal is 
to ensure that all of the Navy’s 
networks comply with the 
more robust security policies 
established by the N/MCI 





contract [QuickLink 39348]. 
The Navy in 2000 awarded 

the $6.9 billion N/MCI con- 

tract to Plano, Texas-based 


| Electronic Data Systems Corp. 


Among the challenges that 


| have at times threatened the 


project’s success has been the 
existence of tens of thousands 


| of applications that, if moved 


into the intranet, would ex- 


| pose security vulnerabilities. 


Of 30,000 legacy applica- 
tions, 12,000 have been either 


| approved outright or ap- 


proved with restrictions to 


| operate in the N/MCI envi- 
| ronment. The Navy hopes to 


get the total number of appli- 


| cations it uses down to 5,000 


within several months, ac- 
cording to Capt. Chris Chris- 


| topher, staff director at the 


N/MCI program office. 
Deploying the Securify 
product will help the Navy 





e-commerce strategist at ABC 
Distributing LLC in North 
Miami. “Maybe e-mail will 
become obsolete as a market- 
ing tool.” 

Some retailers claim that 
they’re starting to see the 
harmful effects in their general 
ledgers. Online retailer eBags 
sends out about 8 million elec- 
tronic messages per month to 
customers who opt to receive 


| its mailings, according to CEO 


Jon Nordmark. A year ago, 22% 
of the recipients made pur- 
chases as a direct result of 
those messages. Now the con- 
version percentage is 13.2%. 
Nordmark said the Green- 
wood Village, Colo., retailer 
hit profitability last year and 
has seen overall revenue grow 
90%. But e-mail is no longer 
the primary growth driver. 


more quickly integrate exist- 
ing applications, the majority 
of which still sit on servers 
located outside of the N/MCI, 
Christopher said. Starting 
Oct. 1, all new applications 
deployed by Navy units must 
comply with stringent N/MCI 
security requirements. 
“That’s going to be a chal- 
lenge,” said Christopher. 


“There’s probably going to be 


PRODUCT FEATURES 


SecurVantage Enterprise 
Monitoring Point 


@ Rack-mounted PC appliance 
@1-GHz Pentium Ill 

= 1GB memory 

w= Three 968 hard drives 


SecurVantage 
Enterprise Manager 


® Dell PowerEdge 1650 server 
with 1.4-GHz Pentium III 
#1GB SDRAM 


= Two 18GB SCSI hard drives 
= Dual onboard NICs 








It now ranks behind affiliate 
marketing, off-line catalogs 
and search technology on the 
priority list, he said. 

Mike Frazzini, vice presi- 
dent of technology at eBags, 
is convinced spam is to blame. 
He estimated that at least 30% 
of the company’s e-mail is be- 
ing blocked or filtered, al- 
though he acknowledged that 
it’s tough to quantify. He said a 


| company often doesn’t know if 


its mail is being blocked at the 
server by an Internet service 
provider or a corporation, or 
on the client side with filters 
set up by individual users. 
Frazzini said the company is 
working to make sure its do- 
main isn’t turning up on any 


| of the black lists that antispam 


groups, such as Mail Abuse 
Prevention System LLC, have 
established to help companies 
set up spam filters. He said 
corporations and Internet ser- 
vice providers sometimes use 


| those lists to set up server- 
| based filters. 


Matthew Berk, an analyst at 
Jupiter Research in New York, 


| advises retailers to outsource 


| alot of waivers put in to try to 


move the process along.” 
Steve Vetter, director of 
strategic planning for the 
N/MCI program at EDS, said 
the key issue facing the Navy 


lis and the driving factor be- 
| hind the decision to purchase 


the Securify product — is the 
need to have enough informa- 
tion about the security of vari- 
ous networks and applications 
so that good decisions can be 
made about which applica- 
tions to allow inside the 
N/MCI environment. 

For now, the Navy is prepar- 
ing to deploy 65 enterprise 
SecurVantage monitoring 
points, said Carl Wright, vice 
president of federal opera- 
tions at Securify. 

“Most government organi- 
zations today really don’t un- 
derstand what their [current] 
IT environment is like,” said 
Wright. “As they moved dur- 


| ing the last two years from 

| mainframe to distributed 

| client/server architectures, 

| they really lost control of that 


information architecture.” D 
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bulk mailings to third parties 
that stay on top of issues in- 
volving spam. Those providers 
include CheetahMail Inc., Dou- 
bleClick Inc., Digital Impact 
Inc. and Responsys Inc. 

In addition, Berk said retail- 
ers would be wise to stop us- 
ing the same sorts of phrases 
that true spammers insert into 
the subject lines of their mes- 
sages, such as “act now,” “free” 
and “one-time opportunity.” 
Exclamation points are anoth- 
er no-no, he said. 

“If it sounds like spam,” 
Berk warned, “it is spam.” 


Paying Attention 

Many companies now do 
more extensive monitoring 
of the open, click-through 
and conversion rates to gain 
greater insight into their 
e-mail efforts. 

Tower Records, a Digital 
Impact customer, has found 
in the past six months that its 
e-mail open rates have dipped 
lower than they’ve ever been, 
according to Kevin Ertell, se- 
nior vice president of online 
operations. Ertell said he sus- 
pects that mail is getting lost 
in the spam shuffle. 

“If the overwhelming prob- 
lem isn’t solved, it won’t really 
matter what content we put in 
the e-mail because people 
aren’t seeing it,” Ertell said. 

Ertell, like some other re- 
tailers, said he would support 
legislation to help curb the 
problem. “We have to do 
something about it,” he said. 
“It’s gone beyond annoying. 
It’s negatively affecting peo- 
ple’s business operations.” D 
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Vendors to Combine Disk 
Arrays and Tape Libraries 


Move improves backup and restore 





capabilities, aids regulatory compliance 


BY LUCAS MEARIAN 
N THE WAKE OF new gov- 
ernment regulations 
requiring better corpo- 
rate record-keeping, 
three top tape library vendors 
have confirmed that they’re 
working to combine inexpen- 
sive disk arrays with 
their libraries to bol- 
ster backup reliability 
and data restoration. 

Advanced Digital Informa- 
tion Corp. (ADIC), Storage 
Technology Corp. and Spectra 
Logic Corp. are each develop- 
ing products that would use 
Serial Advanced Technology 
Attachment disk arrays physi- 
cally and logically tied to tape 
libraries to consolidate storage 
management, speed backups, 
increase redundancy and 
guarantee the fast restoration 
of mission-critical data. 

Jonathan Otis, ADIC’s se- 
nior vice president of technol- 

gy, said RAID adds reliability 
to his company’s libraries be- 
cause “you can lose a disk 
drive and the backup will con- 
tinue, while with tape drives, 
if a drive goes down, it will 
stop the process, and you'll 
have to start it all over again 
on another drive.” 

ADIC said its combination 
disk/tape library will be avail- 
able this fall. Spectra Logic 
said its model will be available 
early next year. 

Louisville, Colo.-based Stor- 
ageTek wouldn’t say when its 
product will be available, but 
company officials said the 
technology is part of an over- 
all information life-cycle man- 
agement initiative focused on 


For more information on this subject, go to 
our Storage Knowledge Center: 


QuickLink k1700 
www.computerworld.com 


| storing data on varying forms 

| of media. The goal is to align 

| cost, reliability and speed of 
recovery with the importance 
of the data. 

“The next logical step for 
our partners and customers is 
doing tighter integration of 

components with not 


vag just disk to tape, but 


[with] networking and 
management tools,” said Tom 
Balue, manager of product 
marketing for StorageTek’s 
Automated Tape Solutions 
division. 

Balue said one of the biggest 
advantages of a disk/tape li- 
brary combination is that sys- 


| tems administrators can back 


up different data sets to disk 





and tape from a single con- 
cae without having to learn 
multiple backup applications. 
“What’s the advantage of 
disk over tape? If you lose a 
tape, you're in trouble, but if 
you're using inexpensive disk 
in a RAID, the data isn’t lost,” 
said Matt Starr, chief technol- 
ogy officer at Boulder, Colo.- 
based Spectra Logic, referring 
to an array’s ability to rebuild 
data striped across multiple 
disks after a single drive fails. 


Consolidate Power 
Another advantage of combin- 
ing disk arrays with tape li- 
braries is that administrators 
could combine power sources 
and cooling systems, Starr said. 
Rick Luttrall, director of 
product marketing for the 
Nearline Storage division of 
leading tape vendor Hewlett- 
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Packard Co., said HP is con- 
sidering physically combining 
disk and tape. But he empha- 
sized that addressing a policy- 
driven information life-cycle 
management strategy that in- 
cludes intelligent software is 
far more important. 





Gary Pilafas, senior storage 
and systems architect at UAL 
Loyalty Services Inc., a unit 
of United Air Lines Inc., said 
that “in a world where we're 
keeping our backups longer,” 
disk and tape combinations 
have merit. 

Pilafas currently uses two 
StorageTek L700e libraries to 
archive data but plans to up- 
grade to Fibre Channel drives 
so he can include the libraries 
in a storage-area network. 
Disk acting as cache for Pi- 
lafas’ library would allow UAL 
Loyalty Services to restore 
data faster. 

“T think that’s what a lot of 
end users are thinking: For 
backup, let’s just use disk. If 
StorageTek said you can back 
up to disk and dump to tape to 
meet all the federal regula- 
tions ... then you’ve met a 
whole lot of requirements” 
Pilafas said. 

Because disk arrays help en- 
sure that data is backed up, 
they can help companies meet 
federal regulations such as the 
Sarbanes-Oxley Act, which re- 
quires that e-mail be retained 
and retrievable. D 





BY LUCAS MEARIAN 
Hewlett-Packard Co. said last 
week that it has extended a 
multibillion-dollar OEM 
agreement with Hitachi Data 
Systems Corp. to continue of- 
fering Hitachi’s high-end Free- 
dom Storage Lightning 9900 


Works XP brand. The two 
vendors also agreed to jointly 
provide disaster recovery and 
business continuity systems 
and services. 

HP extended the OEM 
agreement through 2008. The 
partnership with Santa Clara, 
| Calif.-based Hitachi had been 
set to expire in 2005. 

Bob Schultz, senior vice 
president of HP’s Network 
Storage Solutions division, 
wouldn’t say how much the 
OEM agreement is worth but 
said it will bolster a larger ser- 
vices strategy. 

Hitachi's Lightning 9900 
features an internal switched- 





series array under the Storage- | 





bus architecture that supplies 
bandwidth of up to 6.4GB/sec. 
and capacity of up to 147TB. 
HP loads its own management 
software onto the array. Both 
companies plan to use the 
Lightning array as the center- 
piece of the disaster recovery 
and business continuity sys- 
tem they offer. That system 
will synchronously replicate 
between a primary and sec- 
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ondary site less than 60 miles 
apart and asynchronously 
replicate to a third array thou- 
sands of miles away. 

The HP StorageWorks Mul- 
ti-Site Disaster Tolerant Solu- 
tion combines HP’s software, 
hardware, networking and ser- 
vices with Hitachi's array to al- 
low users to recover applica- 
tion processing in less than one 
hour if a local or regional dis- 
aster occurs, Schultz said. 


One Relationship 
For Steve Strout, CIO of Mor- 
ris Communications Corp. in 
Augusta, Ga., the services 
partnership between HP and 
Hitachi will speed the imple- 
mentation of a disaster recov- 
ery system he plans to have in 
place by October for backing 
up his SAP and Microsoft Ex- 
change application servers. 
Strout said one of the big- 
gest benefits from the partner- 
ship is the ability to get the 





HP, Hitachi to Offer Disaster Recovery Services 


high-end Hitachi array with- 
out having to configure or 
download the HP replication 
software. 

“I want to have one relation- 
ship,” he said. “This allows 
them to do system-to-system 
backups without me having 
to do a lot of systems adminis- 
tration. This provided me a 
much better and faster imple- 
mentation.” 

Strout has so far purchased 
two StorageWorks XP arrays, 
each with 7TB of capacity, for 
business continuity. He plans 
on mirroring data between 
data centers in Augusta and 
Atlanta. Strout said he will 
eventually purchase a third ar- 
ray for longer-distance disas- 
ter recovery. 

Schultz said a three-site dis- 
aster recovery system will cost 
on average between $1.5 mil- 
lion and $3 million, depending 
on how the arrays and net- 
works are configured. B 
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MCI Names AT&T 
Exec President, COO 


After weeks of responding to al- 
legations of wrongdoing by chief 
competitor AT&T Corp., MCI 
(which is still legally known as 
WorldCom Inc.) last week an- 
nounced the appointment of 
Richard R. Roscitt, a former 
AT&T executive, as its president 
and chief operating officer, re- 
porting to CEO Michael Capellas. 
Roscitt was previously president 
of AT&T Business Services and 
president and CEO of AT&T 
Solutions. 


PE TRANS 


HP Buys .Net 
Consulting Firm 


Hewlett-Packard Co. last week 
said it has agreed to buy a con- 
sulting company that specializes 
in designing and implementing 
systems and applications based 
on Microsoft Corp.’s .Net archi- 
tecture for Web services. At- 
lanta-based Extreme Logic Inc. 
will become a wholly owned sub- 
sidiary operating as part of HP’s 
services division. Financial terms 
weren't disclosed. 





Sun to Replace 
Entry-Level Server 
Sun Microsystems Inc. last week 
said it will replace its entry-level 
Intel Pentium lil-based server 
with Intel Xeon-based systems in 
mid-October. The Sun Fire V60x 
and V65x servers will fill the 
low-end spot in Sun’s x86 prod- 
uct line and run Solaris or Linux. 


New Protocol Helps 
Boost Wi-Fi Sales 


The market for 802.11, or Wi-Fi, 
wireless LAN equipment grew in 
the second quarter, driven in 
part by users embracing the re- 
cently standardized 802.11g 
technology, said Dell’Oro Group 
Inc. in Redwood City, Calif. 
Worldwide Wi-Fi unit shipments 
grew 6% from the first quarter, 
but falling prices limited revenue 
growth to 2%, Dell’Oro said. 


Retailer Boosts Efficiency of 
‘Linux Virtual Server Project 


| Department store chain saves money 
| on hardware, IT staff using Levanta 2.0 


NEWS 





BY TODD R. WEISS 
ITH A shrinking 
IT staff anda 
flat IT budget, 
Boscov’s De- 
partment Store needed a way 
to increase the efficiency of 
deploying Linux virtual 
servers on its underutilized 
IBM zSeries mainframe. 

After first trying to set up 
the virtual servers himself, pro- 
grammer Rob Schwartz found 
that by installing a copy of 


virtual server on the main- 
frame, he was wasting large 


| amounts of memory and disk 
| space. He determined that us- 


ing read-only file sharing 
would solve the problems, but 


| setting up such a system would 


be difficult to do on his own. 
That’s the scenario behind 


| Boscov’s deployment of 

| Linuxcare Inc.’s Levanta 2.0, 
| which was introduced at the 
recent LinuxWorld conference | 


in San Francisco. 

Joe Poole, technical support 
manager at Reading, Pa.-based 
Boscov’s, said he had heard 


| about Levanta at an IT confer- 
| ence two years ago. Poole said 
| that at the time, the first-gen- 


eration Levanta offering was 


could help him. “They were 


| building something, and I saw 


value in it” and volunteered to 


| become a beta tester, he said. 


Using Levanta, Boscov’s was 


| able to set up about two-dozen 


virtual Linux servers, while 


| sharing binaries and executa- 
| bles, Schwartz said. The virtual | 
| servers are replacing ahost of | 


Windows NT servers, includ- 
ing ll production systems and 
10 test systems. 

Although he declined to 
provide a dollar figure, Poole 
said the regional department 
store chain has saved money 
on hardware and IT staff by 
using Levanta. “To bring in 
new server instances [as 





they’re needed] costs no more 
money, once you have this 
equipment,” he said. 

Schwartz is managing the 
company’s Linux environment 
on his own. 

In addition, Levanta allows 
Schwartz to configure the Lin- 
ux instances with specific 
rights for other IT workers at 
Boscov's so they can perform 
their work without having full 
access to the mainframe, said 


| Poole. “It gives [Schwartz] 
SuSE Linux AG’s Linux on each | 


| control to give control to oth- 
ers,” he said. 

Pricing for San Francisco- 
based Linuxcare’s Levanta 2.0 
for a z/900 mainframe begins 
at $100,000 per Integrated Fa- 
cility for Linux. The applica- 
tion can run Red Hat Inc.’s 
Linux 7.2 or SuSE Linux Enter- 
prise Server operating systems 
for the virtual servers. 

Levanta runs on the main- 
frame’s IBM z/VM operating 
system, making it possible for 
IT workers with little z/VM 
expertise to quickly configure 
and run the virtual Linux 
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servers, said John Phelps, an 
analyst at Gartner Inc. in 
Stamford, Conn. 

“You could do it on your 
own, but it would take you a 
lot more work,” he said. D 





Group Releases Set of Guidelines for 
Building Interoperable Web Services 


Vendors expected 
to support Basic 
Profile in products 
BY CAROL SLIWA 


Users concerned about being 
able to build interoperable 


| Web services got an encourag- 


ing sign last week when an in- 
dustry group released a long- 
awaited set of guidelines that 


| vendors are expected to sup- 
| port in products. 
| the only product he found that | 


The Web Services Interop- 
erability Organization (WS-D, 


| whose 170 members include 
| : 
vendors and user companies, 


Basic 
Profile 10 


The WS-| released a set of guide- 
lines to show how the following 
specifications should be used to 
build interoperable Web services: 


@ SOAP 1.1 


= XML Schema 


| announced the availability of 
its Basic Profile 1.0 guidelines, 
which detail how a set of core 
Web services specifications 
should be used to build inter- 
operable Web services. 

In developing the Basic Pro- 
file, the WS-I addressed about 
200 problematic issues related 
to the specifications and their 
interoperability, said Steven 
VanRoekel, director of Web 
services at Microsoft Corp. 

The WS-I has also pledged 
| to release test tools that can be 
| used to check if an application 
| is compliant with the Basic 
| Profile. Test tools are due this 
fall for both the Java and C# 
development environments. 
| Sample applications are also 
| scheduled to be made avail- 
| able to provide developers de- 
| sign, implementation, test and 
| deployment scenarios in vari- 
| ous business situations on 10 
| different platforms. 
| The Basic Profile guidelines 

are intended for vendors, large 

corporations and industry 
consortia developing software 
and tools that can be used to 
write Web services, said Jason 

Bloomberg, an analyst at Zap- 

Think LLC in Waltham, Mass. 











“A lot of the gray areas with 
the basic Web services stan- 
dards are now resolved, and 
we can move on to the more 
challenging areas: security, 
management, reliability and 
transactions,” Bloomberg said. 

The WS-I is continuing 
work on Version 1.1 of the Ba- 
sic Profile, which will add sup- 
port for attachments in SOAP- 
based messages, and on the 
Basic Security Profile. 

But it remains unclear what 
the WS-I’s plans are for SOAP 
1.2, according to VanRoekel. 
The new version of SOAP, 


| which the World Wide Web 
| Consortium finalized in June, 


brings substantial improve- 
ments over the 1.1 edition that 
became the de facto standard 
among vendors. 

Tom Glover, chairman of 
the WS-I, has said that the 
group will consider incorpo- 
rating SOAP 1.2 into a future 
version of the Basic Profile. 

The WS-I’s membership in- 
cludes major vendors such as 
Hewlett-Packard Co., IBM, Mi- 
crosoft and Oracle Corp. and 
enterprise users such as 
Charles Schwab & Co. and 
Merrill Lynch & Co. D 
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Windows Up 
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date Patch 


Process Faulty, Expert Says 


Claims flaw fools users into thinking that 
their systems have been patched properly 





BY JAIKUMAR VIJAYAN 
Microsoft Corp.’s Windows 
Update patch management 
program has a critical short- 
coming that, in some cases, 
could fool users into thinking 
they have been properly 
patched against 

some vulnerabili- 

ties when in fact 

they have not, a 

security expert 

said last week. 

The claim, made by Russ 
Cooper, moderator of the pop- 
ular NTBugtraq mailing list 
and an analyst at Reston, Va.- 
based TruSecure Corp., was 
strongly refuted by Microsoft 
as being unfounded. 

According to Cooper, the 
problem lies in the manner in 
which the Windows Update 
program verifies whether a 
system has a particular patch. 

Windows Update relies only 





on the “registry key” informa- 
tion associated with each 
patch to determine if a system 
has a specific patch, Cooper 
said. 

When a user goes to the 
Windows Update site, a pro- 

gram first scans 
the user’s system 
for the registry 
keys to determine 
what patches are 
installed on the system. 

The problem is that a sys- 
tem may have the registry 
keys associated with a particu- 
lar patch, even though the 
patch itself may not be in- 
stalled. This can happen, for 
instance, if a machine crashes 
or is turned off during the 
patch installation process or 
because of insufficient system 
resources to install a patch, ac- 
cording to Cooper. 

In such cases, Windows Up- 





| date is fooled into thinking the 


system is patched because all 
it’s using to verify the exis- 
tence of a patch is the associ- 
ated registry-key information, 
Cooper said. It’s for this rea- 
son that other patch manage- 
ment products look for patch- 


| specific file information in ad- 
| dition to registry-key informa- 


tion when verifying the exis- 


tence of a patch, he said. 


| On the Defensive 


Stephen Toulouse, a security 
program manager at Micro- 
soft, dismissed Cooper’s 


| claims and insisted that Win- 
| dows Update has “for several 


months” been checking for 


| file versions in addition to 
| registry keys when scanning 
| for patches. 


Citing the patch for the lat- 


| est Windows remote proce- 
| dure call vulnerability (MS03- 
026), Toulouse said there have 


been “tens of millions of suc- 
cessful implementations of 


| this patch, and we haven’t 
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heard of a situation where 
customers think they have in- 
stalled the patch and then find 
out they haven't.” 

Toulouse added that the 
method Cooper used to dem- 
onstrate the problem was a 
highly unlikely and “artificial” 
scenario. 

“It is entirely possible to try 
and make something fail,” 
Toulouse said. “The question 
is, how realistic is the sce- 
nario?” 

Windows Update is check- 
ing file versions for the latest 
patch relating to the Windows 
vulnerability that Blaster took 
advantage of, Cooper said. 
But the same isn’t true for all 
patches, he claimed. 

“There are many other seri- 
ous security vulnerabilities 
that are addressed by other 


| Microsoft patches that can be 


spoofed by simply writing a 


| registry value,” according to 
| one security expert, who re- 


quested anonymity. 
As of Aug. 13, patches for at 
least three critical vulnerabili- 


| ties announced this year could 


be spoofed using registry keys, 
according to the source. 

At least one user has given 
up on Windows Update alto- 
gether. Vivek Kundra, director 


Biaster to 
Windows 


@ A distributed denial-of-service 
attack against Microsoft's Win- 
dows Update site may start on 
Aug. 16. 


& The attack could cause internet 
disruptions beginning that day. 

© Starting Jan. 1, 2004, the 
worm will switch to cyclic be- 
havior in which it attacks the 
Microsoft site from the 16th of 
each month to the end of the 
month. On the remaining days, 
it will scan for other vulnerable 
systems. 


JEPARTMENT OF HOMELAND SECURITY 


URGE 


of infrastructure technologies 
for Arlington County, Va., last 


| week said his department had 


problems using the Windows 


Update server technology to 


deploy the patches. 
Although the county gov- 


| ernment began the process us- 
| ing Microsoft’s Windows Up- 
| date process, it had to aban- 


don the approach because the 
patches didn’t always deploy 
properly on the county’s 3,500 
workstations. As a result, it 


| switched to Novell Inc.’s ZEN- 
| works to distribute the patch- 


es, Kundra said. D 





Continued from page 1 


Blaster 


everything else to go take care 
of [patching]. And the reality 
is, we only have a finite 
amount of resources” to do 
that, Jahne said. 

Banner had to patch more 
than 500 servers and 8,000 
workstations to protect itself 
against the vulnerability that 
Blaster exploited. “I can tell 
you, it’s been one heck of an 
effort on a lot of people’s part 
to do that,” Jahne added. 

For the longer term, Banner 
is studying the feasibility of 
partitioning its networks in 
order to minimize the effect 
of vulnerabilities, he said. 

Adding to the patching 
problem is the fact that com- 
panies, especially larger and 
more distributed ones, need 
time to properly test each 
patch before they can deploy 





it, said Art Manion, an Inter- 


| net security consultant at the 
| CERT Coordination Center at 


Carnegie Mellon University 
in Pittsburgh. 
That’s because patches 


| haven’t always worked or have 
| broken the applications they 


were meant to protect, said 
Marc Willebeek-LeMair, chief 
technology officer at Tipping- 
Point Technologies Inc., an 
Austin-based vendor of intru- 
sion-prevention products. 

Companies also need to 
schedule downtime in ad- 
vance to deploy such patches, 
said Kevin Ott, vice president 
of technology at Terra Nova 
Trading LLC, a Chicago-based 
financial services firm. 

“We work in a 24-by-7 envi- 


a as 
ronment, so there is a limited 


scope for downtime” in which 
to deploy patches, he said. 
But the stunning quickness 
at which Blaster exploited 
Windows’ remote procedure 








| call vulnerability is a sign that 


companies are going to have 


| to respond to new threats 


even faster than they do today, 


| said Chuck Adams, chief secu- 
| rity officer at NetSolve Inc., 
an IT services company in 


Austin. 
Although worms such as 
SQL Slammer didn’t appear 


until eight months after the 


[Three or four 
days] is not 


| going to work any 
| longer. | need some- 
| thing that can cut 


the process down 
to a few hours, if 


| not minutes. 


VIVEK KUNDRA, DIRECTOR OF 
INFRASTRUCTURE TECHNOLOGIES, 
ARLINGTON COUNTY, VA 





vulnerability was announced, 
Blaster was released in just 
one month, Adams said. 

That means companies will 
need to somehow find ways to 
lessen the time it takes to test 


| and deploy patches, said Vivek 


Kundra, director of infrastruc- 


| ture technologies for Arling- 
| ton County, Va. Currently, 
| Arlington County needs about 


three or four days to push out 
patches across its networks. 

“(Three or four days] is not 
going to work any longer,” 
Kundra said. “I need some- 
thing that can cut the process 
down to a few hours, if not 
minutes.” 

The county is looking at 
outsourcing its patch manage- 
ment process to a third party. 
Also under consideration is a 
plan to adopt a more automat- 
ed process for testing and de- 
ploying software patches, 
Kundra said. 

“Sometimes [patching] can 


| be more an art than a sci- 


ence,” said Hugh McArthur, 


| information systems security 


officer at Online Resources 
Corp., a McLean, Va.-based 


| application service provider 


for more than 500 financial 


institutions. 


“There will be times when 


| you may need to make a judg- 
| ment call balancing risk, ap- 
| propriate testing [and] miti- 


gating factors,” he said. 
Even so, patching remains 


| the best available option, ac- 

| cording to Bruce Blitch, CIO 

| at Tessenderlo Kerle Inc., a 

|} multinational chemical com- 

| pany with U.S. headquarters in 
| Phoenix. 


“Everyone would no doubt 


| agree that having completely 
; error- and exploit-proof code 


would be the most desirable 


| situation,” Blitch said. In the 


absence of that, he said, “we’re 
convinced that [patching] is 


| the best strategy.” D 
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Mohegan Sun Puts Its Chips on 
Customer Retention Technology 


Casino evaluates funds 
transfer and blackjack 
surveillance systems 





BY THOMAS HOFFMAN 

UNCASVILLE, CONN 

The Mohegan Sun casino next month 
plans to begin testing two technologies 
that officials at the gaming resort hope 
will help lower costs and improve its 
customer retention rates and profit 
margins. 

In one project, Mohegan Sun will in- 
stall automated funds transfer (AFT) 
technology on 300 to 400 of the high- 
roller slot machines in its two casinos 
here. The technology is based on soft- 
ware from Advanced Casino Systems 
Corp. in Egg Harbor Township, N,J., 
and will let slots players establish 
credit with the casino and then use 
magnetic cards to download all or part 
of those funds into a slot machine. 

The second test involves a video 
surveillance and data-collection sys- 
tem that will be installed at 10 of Mo- 
hegan Sun’s 130 blackjack tables. Black- 





jack players will be able to swipe their 
casino cards through readers built into 
chair armrests, and the system will 
track the size and frequency of their 
bets and integrate the data 
into a player rating system 
that runs on an IBM AS/400 
server. 

Mohegan Sun expects sev- 
eral benefits from the AFT 
system, CIO Daniel Garrow 
said this month in an inter- 
view. Currently, if a slots 
player wins a jackpot of 
more than $1,200, the ma- 
chine locks up while he is 
asked to fill out a form for 
the Internal Revenue Ser- 
vice. But with the AFT technology, “we 
can allow the player to keep playing, 
since they’re not withdrawing the 
funds right away,” he said. 

Patricia Wright, an analyst at Fitch 
Ratings Ltd. in New York, said casinos 
that have installed so-called ticket-in, 
ticket-out technologies have realized 
“good savings, since there’s less down- 
time on slot machines because they 
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with its AFT system. 
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don’t have to refill them constantly.” 

The blackjack-table monitoring sys- 
tem that Mohegan Sun plans to test 
was developed by MindPlay LLC in 
Bellevue, Wash. Pattern-recognition al- 
gorithms analyze betting images cap 
tured by video cameras to determine 
chip denominations and gamblers’ wa- 
ger amounts, said MindPlay. The data 
collected from the table is 
sent to a MindPlay server 
and can be integrated with a 
casino’s player rating system. 

The monitoring system 
will not only help Mohegan 
Sun root out players who are 
counting cards but also help 
it generate more accurate 
player ratings than its current 
approach, which relies on pit 
managers, Garrow said. More 
accurate ratings could pre- 
vent Mohegan Sun from ex- 
tending more credit to high rollers 
than it needs to, thus saving the casino 
money, he added. 

If the casino decides to roll out 
MindPlay’s system at all of its black- 
jack tables, the total cost could be 
about $3 million, Garrow said. But 
Wright said that similar table-surveil- 
lance systems are among the hottest 
technologies casinos are deploying. D 





Soviet Skills Draw R&D Work 


_ BY PATRICK THIBODEAU 


The U.S. IT industry is tapping into 
the technological prowess of the for- 
mer Soviet Union, which is emerging 
as a research and development center 
for software and telecommunications 
companies, a recent report by Ab- 
erdeen Group Inc. has found. 

But the region’s software develop- 
ment skills, which can be accessed at a 
cost well below U.S. rates, is also ap- 
pealing to managers of non-IT firms. 
Craig Maccubbin, vice president of 
technology at online travel service 
LasVegas.com, is one of them. 

“Many [Russian developers] are ex- 
Soviet military technologists and pro- 
grammers, and because of that, they 
have had classical training in software 
development,” he said. “They are so 
disciplined that there is almost a level 
of inflexibility to their approach.” But, 
Maccubbin added, that level of disci- 
pline also “helps the process of work- 
ing with them immensely.” 

Boston-based Aberdeen found that 
IT vendors are Russia’s largest off- 
shore contingent, accounting for about 
three-fourths of all the offshore work 





done there, said analyst Stephen Lane, 
who wrote the report. 

IT companies are setting up devel- 
opment centers in Russia to help build 
a market there and to utilize Russian 
talent for high-end development. 

“What they do have is a culture that 
is focused on problem-solving and fo- 
cused on using technology in an innov- 
ative fashion,” Lane said. But “there is 
not a Russian company out there that 
can compete with an Indian company 
in terms of scale or scope,” he added. 
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Maccubbin uses Epam Systems Inc., 
a services provider in Princeton, N]J., 
that has operations in Moscow and 
Minsk, Belarus. He said he relies on the 
development workers in Minsk to build 
and maintain most of the Web site’s 
back-end functions. But the customer- 
facing aspects, such as graphic design 
work and other “defining characteris- 
tics,” are handled in the U.S. “You can’t 
outsource that to anybody,” he said. 
Developers in the U.S. charge about 
$38 per hour, while the Russian per- 
hour rate is up to $20 less, he added. 

Bob Pryor, who heads Cap Gemini 
Ernst & Young’s outsourcing services 
in New York, agreed that Russia’s 
workers have advanced technological 
skills. However, he said, the country 
will remain a small part of the offshore 
outsourcing market because its gov- 
ernment isn’t developing the industry. 
“I don’t see any significant investment 
for new skills and capabilities,” he said. 

Marc Herbet, executive vice presi- 
dent of Sierra Atlantic Inc., an applica- 
tion management company in Fremont, 
Calif., that runs an offshore center in 
India, said Russia may well take off as 
an offshore outsourcing center if Euro- 
peans begin embracing offshore work, 
particularly because of the proximity. D 





Get 
Set... 


Are you set to save space 
and minimize installation 
and maintenance costs 

with a modular manageable, 
pre-engineered architecture? 


Y 


“If | had purchased the incumbent 
vendor's 3-phase upgrade model, 

| would have paid 75% more in service 
PT ee mee ee 

| would have had to utilize 50% more 
of my precious floor space.” 


Orel anata 
Support Services Division 
City of Newport Beach Police Department 


Many IT professionals have switched 
from an inflexible proprietary system to 


network critical physical infrastructure. 


me NUL el 


E-mail: esupport@apcc.com © 132 Fairgrounds Road, West Kingston, Rl 02892 USA 
©2003 American Power Conversion Corporation. All Trademarks are the property of 
their respective owners. ISX2C3EF-US 





ADVERTISEMENT 


infraStruXure™ 
is the Key to 
Stronger NCPI 


by Russell Senesac 
InfraStruXure Product Manager 


APC InfraStruXure™ architecture is the industry's 
new benchmark for on-demand network-critical 
physical infrastructure (NCPI). The foundation of IT 
networks, NCPI consists of power, power distribu- 
tion, racks, cabling, cable distribution, cooling, and 
cooling distribution. Strong NCPI defends your IT 
networks against security and availability problems. 


Complementing these benefits of strong NCPI is 
InfraStruXure's open, adaptable, integrated ap- 
proach, which ensures optimal performance and 
lower upfront and operating costs. InfraStruXure 
fully integrates power, cooling, management and 
services within a rack-optimized design. 


Power 

InfraStruXure architecture features rack-optimized, 
intelligent UPSs and power distribution units that 
are highly manageable, modular, and pre-engineered 
to meet the demands of the smallest wiring closet to 
the largest data center. 


Cooling 

Cooling solutions designed for InfraStruXure are 
extremely flexible, fitting almost any data environment 
as though custom-made, but without the extensive engi- 
neering that traditional cooling systems require. 


Management 

InfraStruXure boasts the industry's only fully integrated 
power management solution. Monitor the elements of 
your data center, understand how your InfraStruXure is 
performing and, when necessary, take action remotely to 
ensure service levels are met—all from a Web browser on 
your desktop computer. You'll be able to maximize avail- 
ability through system-level proactive management. 
InfraStruXure management solutions are easy to use and 
require little to no training. 


Services 

A full menu of professional services, performed by 
APC Global Services experts, supports your 
InfraStruXure architecture. Whether building a new 
installation or retrofitting InfraStruXure into your 
existing [T environment, a range of services is able to 
meet your specific needs. Factory-trained professionals 
commission the elements of your InfraStruXure, 
understand how it is performing and, when necessary, 
take action to ensure optimal service levels are met. 


The Result 

With InfraStruXure, you get the reliability, afford- 
ability and predictability of standard solutions, yet 
completely customized for your specific problems. 
As your requirements change, InfraStruXure easily 
adapts, allowing you to build out or scale back 
capacity as it is required. ™ 


FREE White Paper and InfraStructure™ Brochure 


Visit http://promo.apc.com Key Code m906y 
Call 888-289-APCC x2928 © Fax 401-788-2797 





Go! 


Are you going to take advantage of 
this availability solution to prevent 
costly downtime? 
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OPINION 





MARYFRAN JOHNSON 


Untrustworthy Computing 


E ALL KNEW IT was coming, didn’t 
we? There was no surprise when the 
Blaster worm began its Internet ram- 
page last week. 


This latest crippling 
attack was launched 
against yet another secu- 
rity hole in Windows. We 
were warned a month 
ago, remember? Right 
around the time Micro- 
soft was giddily signing 
a $90 million enterprise 
software deal with the 
U.S. Department of 
Homeland Security (oh, 
the irony), it was sol- 
emnly warning that three 
serious new flaws had been discov- 
ered in Windows. 

One of those babies was destined 
to be exploited by the now-infamous 
Blaster (a.k.a. Lovsan), a pernicious 
self-propagating worm that has in- 
fected more than 100,000 systems 
worldwide. Homes and businesses 
alike have been hit, their computers 
repeatedly shutting down. The wave 
of massive inconvenience and frus- 
tration has gotten TV, radio and 
newspaper coverage everywhere. 
Another black eye — not just for Mi- 
crosoft, but for the technology indus- 
try, too. When it’s not spam clogging 
your e-mail, it’s a barrage of viruses 
and worms disabling your PC. 

The cure was almost as bad as the 
disease. Updated virus protection 
definitions (a bit sluggish in making 
their appearance from the major se- 
curity vendors) had to be down- 
loaded and installed in a global IT 
fire drill. Since all versions of Win- 
dows XP, 2000, NT 4 and Windows 
Server 2003 carry this flaw, they also 
had to be patched ASAP. Did your 
IT department have better things to 
do last week? Tough luck, huh? 

“The thing about patching is that 
it is so darn reactive. And that can 
kill you,” Dave Jahne, a senior secu- 
rity analyst at Banner Health System 
in Phoenix, told our reporter [Quick- 





Link 40608]. “You need 
to literally drop every- 
thing else to go take care 
of patching.” 

Even worse — as if 
things could be — is that 
the Microsoft patches 
aren’t even considered 
trustworthy enough to 
roll into a production en- 
vironment without addi- 
tional quality testing. In 
Arlington County, Va., 
for example, the IT staff 

ran into deployment problems last 
week while using Windows Update 
server technology and switched to 
Novell’s ZENworks so that staffers 
could automatically distribute the 
necessary patches, said Vivek Kun- 
dra, director of infrastructure tech- 
nologies. 

Among the many IT professionals 
watching this wormy nightmare un- 
fold was Carl Ness, distributed in- 
formation systems coordinator at 
Clarke College in Dubuque, Iowa. 
He e-mailed me with a straightfor- 





ward but difficult question: Why? 

“Why aren’t people, especially at 
the chief executive level, asking: 
‘Why are we still using this stuff? ” 
Ness wanted to know. “If these 
problems were at this level for any 
other operating system, executives 
would have demanded that it be 
ripped out and replaced.” 

A longtime Novell and Unix user, 
Ness has 33 servers in production at 
the 1,200-student college, and only 
half a dozen of those run Windows. 
Yet he finds it maddening that dis- 
ruptions like the Blaster worm are 
becoming business as usual. “We 
should not accept the phrase, ‘Well, 
it’s Microsoft, we just have to put up 
with it,’ ” Ness said, contending that 
IT pros need to push their managers 
harder to consider alternatives to 
Microsoft. Where is the tipping 
point for your company? How much 
more business disruption can you 
sustain? 

Even the little snot who launched 
the Blaster worm zeroed in on Mi- 
crosoft’s software quality failings 
with this message embedded in the 
code: “billy gates why do you make 
this possible? Stop making money 
and fix your software.” 

That might be the answer — if 
only he could. B 
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PIMM FOX 


Rx for 
Integration 


IKE AN off-the-rack suit, 

hugely integrated, tight- 

ly coupled application 
suites give you little room for 


customization or extension. 

The problem with business process 
integration, as adroitly described by 
Greg Grosh, founder and vice president 
of Data Junction Corp. in Austin, is that 
you can’t connect your mighty applica- 
tion to, say, a customer’s SAP system, 
because each installation is unique and 
requires discrete connectors. 

This condition is forcing a re-evalua- 
tion of business-process integration. 
It’s no longer a consultant-led, money- 
draining cornucopia of solutions de- 
signed to satisfy every possible sce- 
nario. 

Sorry, there’s no 
one-size-fits-all sil- 
ver bullet. Instead, 
you have to opt for 
more flexible and or- 
ganic solutions that 
don’t require a com- 
plete reworking of 
your core data or ap- 
plications. Integra- 
tion tools that work 
at the edge of your 
IT organization solv- 
ing real problems (without the atten- 
tion of high-cost IT coders) are the or- 
der of day. 

Here are some reasons why. 

First, you can’t afford to hire a passel 
of IT consultants to camp out in your 
offices while your workforce clamors 
for a basic fix to let one application 
connect to another. 

“Business-process integration should 
be straightforward,” says Grosh. “It’s 
having two different apps or processes 
that you want to act as one.” And you 
can’t afford to wait until the vendor 
gets around to developing the perfect 
integration package. 

Second, stop the abstractions, those 
layers of access for programmers. You 
shouldn’t face a new application pro- 
gramming interface every time you 
want to do something small. There’s 
no need to accept the burden of drilling 
down into — and then adding onto — 
the heart of your IT operation in order 
to align one application with another. 

Third, there is change and failure. 
Any worthwhile integration solution 
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recognizes the necessity of changes to 
the IT environment on at least one 
side; you, your partner or your cus- 
tomer will change something in an ap- 
plication. Your integration strategy 
must incorporate the costs for quick 
implementation of changes or for fixes 
of broken connections. 

“People in accounts payable should 
be able to work with integration tools 
to make changes to a [purchase order],” 
Grosh claims. “You shouldn’t have to 
hire a $400-an-hour consultant.” 

A hint for considering a vendor: Ask 
where its revenue comes from — soft- 
ware sales or service? That tells you 
where your money will go. 

Integration tools need to be simple, 
leave small footprints and operate on 
multiple systems without reconfigura- 
tion — that’s something everyone can 
appreciate. DB 


MICHAEL GARTENBERG 


Mac Myths 
And IT 


F YOURS IS LIKE most IT 

departments, you proba- 

bly aren’t deploying Mac- 
intosh systems in large num- 
bers. And if you’re deploying 
them at all, you’re doing so in niche 
spaces such as graphic arts, multi- 
media and publishing. 

But the truth is that Mac OS has 
changed quite a bit in the past few 
years, and today’s Apple systems offer 
a reasonable alternative to Wintel sys- 
tems for many mainstream uses and 
are often best-of-breed tools for tasks 
such as desktop publishing, multime- 
dia and other content creation. OS X, 
code-named Jaguar, and the recently 
announced successor called Panther 
are rock-solid Unix at the core, with 
Apple’s elegant user interface on top. 
But if you plan on deploying them 
you'll need to overcome your precon- 
ceptions regarding three myths about 
the Mac that still linger. 

The first myth is that Apple comput- 
ers are expensive relative to their PC 
cousins. Though Apple is certainly not 
a discount brand and will almost never 
offer the cheapest computers available, 
Macs are certainly price-competitive 
with PCs. Users do pay some premium 
for both the Apple brand and the inno- 
vation that goes into the company’s of- 
ten brilliant hardware design, but the 
premium isn’t out of line with what 
users already pay for name-brand sys- 


OPINION 


tems from vendors such as 
Sony, Hewlett-Packard or 
IBM. In many cases, compa- 
rable Apple systems are 
priced similarly,andinsome « 
cases they’re even cheaper 
than the competition. 
The second myth is that 
there’s a lack of software 
available. Although OS X 
doesn’t offer the sheer num- 
ber of titles that Windows 
offers, there’s an abundance 
of business software for the 
Macintosh. In some mar- 
kets, such as content cre- 
ation, there’s actually more 
software available for the Mac. In addi- 
tion, Microsoft offers a complete and 
compatible version of Office for the 
Macintosh, so knowledge workers can 
easily share documents and communi- 


| cate with colleagues across operating 


systems. Apple’s support of Web-based 
Internet standards means most Inter- 
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net-based applications 
will simply run without 
modification. The occa- 
sional lack of a specific ap- 
plication might hold back 
some deployments, but 
most organizations will 
never hit that wall. 
The third myth is that 
Apple architectures are 
based on proprietary pro- 
tocols. Though that was 
certainly true in the past, 
it isn’t an accurate portray- 
al of Apple today. Now, 
Mac OS is one of the most 
: standards-driven operat- 
ing systems you can purchase. From 
MPEG 4 support in QuickTime to full 
TCP/IP support for networking and 
Wi-Fi protocols for wireless access, 
Macs are a seamless fit for most orga- 
nizations’ infrastructure. (Apple was 


actually the first operating system ven- | 


dor to bundle TCP/IP support into a 


| commercial operating system.) 


Does this mean Mac OS is right for 


| your organization? Not necessarily. But 


it does mean your organization has 


| more viable choices for desktop sys- 
| tems than you might have thought. 


Certainly, deploying Mac OS in areas 


| that depend heavily on content cre- 

| ation makes good sense, but there are 

| probably other places that could bene- 
| fit as well. Most IT departments 

| lament the lack of choice among desk- 


top operating systems. The truth is 
that there are choices out there, and vi- 
able ones at that. IT departments that 


| can overcome their traditional preju- 
| dices against Apple may well discover 
| that there’s a new PowerBook or G5 in 


their future, and once they do, they 
may never go back to Windows. B 


WANT OUR OPINION? 


More columnists and links to archives of previous 
columns are on our Web site 
www.computerworld.com/columns 








Outsourcing Angst 


OES THIS GET your biood boil- 

ing like it does mine [“Gartner 
Says 5% of Corporate IT Jobs 
Could Go Offshore by 2005,” Quick- 
Link 40344]? | see the accelerating 
trend of outsourcing American jobs 
as shortsighted, displacing not only 
today’s job but tomorrow's as well, 
all to reduce corporate expenditures 
so that management can line their 
pockets today. 
Olan Knight 
Senior programmer/analyst, 
Dallas 


Labor on the Cheap 


N HER LETTER of July 21 
[QuickLink 39592], Linda Kil- 
crease asks, “Why not instead hire 

the hundreds of thousands of 
skilled, permanently laid-off U.S. 
workers who have lost their jobs 
because of the H-1B and L-1 visas, 
and really benefit the U.S.?” The 
first thing to point out is that H-1B 
and L-1 visa holders pay U.S. taxes 
just as U.S. citizens do, so where is 
the benefit to the U.S.? 

The statement that cheap labor 
is the only reason to want foreign 
workers in the U.S. is flawed. There 
is another very good reason to do 
this: better and more appropriate 
skills. | have lived and worked in the 
U.S. for six years now, and | have all 


a 


too often encountered the “not my 
job” mentality in the IT arena. There 
is also a reluctance to take any ini- 
tiative. | don’t place all the blame for 
this on the workforce; a manage- 
ment ethos of wanting to point fin- 
gers and apportion blame is far too 
prevalent in many U.S. businesses, 
and this naturally results in overly 
cautious staff. Don't blame over- 
seas workers for taking advantage 
of the chances that come their way. 
|, for one, am actually earning less 


countries, but | choose to live here. 


er myself cheap labor, | do agree 
that | am worth a lot more than | am 
being paid. But who doesn’t? 
Kevin E. Ferguson 

Lead system programmer, 
American National Insurance 
Co., Galveston, Texas 


Unsettled Law 


OLUMNIST Ari Kaplan has 
some good points, but he 


file sharing are fully settled [“Shar- 
ing Is Nice, but It's Also a Crime,” 
QuickLink 40217]. Many of these 
new laws will have to be confirmed 
by the courts, and they will certainly 
be challenged on the basis of un- 
constitutional limitations to “fair 
use.” And they may very well result 





in the correction of both patent and 


here in the U.S. than | could in other | 
Ponchatoula, La. 
Whereas | don’t necessarily consid- 


writes as if matters concerning P2P | 
| though the product documentation 
| indicates that this problem will be 





copyright law to drastically shorten 
the time limits and even to limit 
patents and copyrights to the origi- 
nal human creator. The idea of 
patents and copyrights is to give 
the originator adequate time to de- 
velop and market a product before 
it enters the public domain, but the 
time needed to do this has been 


| drastically shortened by technolo- 
gy. It follows that the time period for | 
both copyrights and patents should | 


also be drastically shortened. 
Charles J. Lingo 


Shaky Driver 


S A POINT OF INTEREST, it 

should be noted that Micro- 
soft's iSCSI Driver 1.0 doesn’t sup- 
port dynamic volumes under Win- 


| dows 2000 or 2003 [QuickLink 


39646]. So while it will allow ac- 


| cess to basic volumes, these can't 
| be expanded without destroying the 
| partition, since creating a volume 


set is a dynamic disk feature. This 
means its usefulness is limited, 


fixed in future releases. 

It should also be noted that 
testing of this driver during a re- 
cent iSCSI technology evaluation 
showed it to have questionable sta- 
bility in a clean build environment 
compared with alternate iSCSI ac- 





cess methods. As with any Version 


| 1.0 software, my advice would be to 
| tread warily. 


Mark Mulhoiland 


| Senior systems consultant, 
| Eagle Technology Group, 
| Auckland, New Zealand, 


mark.mulholland@eagle.co.nz 


Patch Cycle 


EY, YOU ALL GOT what you 
wanted [“Latest Vulnerability 


| Includes Windows Server 2003,” 
| QuickLink 39988]. You wanted Mi- 
; crosoft over Novell, and now you've 


got it. | sat back and watched and 


| shook my head 


Oops, time for you to add anoth- 


| er patch and reboot! Hurry! 
| Robert J. Ostman Sr. 


Systems engineer, Severn, Md., 


| rostman@qis.net 


| COMPUTERWORLD welcomes 


comments from its readers. Letters 
will be edited for brevity and clarity. 


They should be addressed to Jamie 
| Eckle, letters editor, Computerworld, 


PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701. 


| Fax: (508) 879-4843. 
| E-mail: letters@computerworld.com 


Include an address and phone num- 
ber for immediate verification 


For more letters on these and 
other topics, go to 
www.computerworld.com/letters 
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their lifetime value and achieve greater competitive 


advantage. To find out how leading companies are 
reaping the rewards of SAS customer intelligence 
software, call 1 866 270 5723 or visit our Web site. 
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TECHNOLOGY 


Corralling Security Data 

As security devices proliferate, admin- 
istrators face the daunting task of 
collecting and correlating data from 
disparate sources. Vendors offer tools 
that can help, but customization and 
scripting are still difficult. Page 28 


FUTURE WATCH 


New Spin for Electronics 
IBM’s spintronics technology has 
already increased disk drive capaci- 
ties. A planned semiconductor im- 
plementation may blur the line be- 
tween storage and memory. Page 30 


RFID Tunes Into 
Supply Chains 


Outlook: Retailers and their suppliers are | 


testing radio frequency identification 
tags, but production apps and mature 
software are still years off. By Carol Sliwa 


I. 
Vt EVERYONE IN 
the retail indus- 
try stopped and 
took notice 
when Wal-Mart Stores Inc. declared 
in June that it will urge its top 100 
suppliers to deliver pallets and cases 


equipped with radio frequency identi- 


fication (RFID) tags by 2005. Any di- 
rective issued by the world’s largest 
retailer has the potential to drive 
sweeping adoption, and this particu- 
lar one could spell major changes for 
supply chain management. 

Wal-Mart thinks that the nascent 
technology, which can automatically 
identify a container’s contents with- 
out requiring line-of-sight scanners, 
can help to reduce the costs associat- 
ed with tracking inventory. 

Given that Wal-Mart moved 2.5 bil- 
lion cases through its distribution 
centers during one six-month period 
jast year, it’s not hard to imagine the 
savings that the company might real- 
ize by reducing the time and labor 
associated with inventory tracking. 

One of the chief suppliers to the re- 
tail industry, Procter & Gamble Co., 





Glossary 


RADIO FREQUENCY IDENTIFICA- 
TION: A method of identifying unique 
items using radio waves. While lasers 
must see a bar code to read it, radio 
waves don’t require line of sight and 
can pass through materials such as 
cardboard and plastic. 


TRANSPONDER: A radio transmitter/ 
receiver that’s activated when it re- 
ceives a predetermined signal. RFID 
tags are sometimes referred to as 
transponders. 


PASSIVE TAG: An RFID tag that 
doesn’t use a battery. The tag draws 


SOURCE: AUTO-ID CENTER 


has another angle. The Cincinnati- 
based company estimates that 10% to 
16% of its products may be out of 
stock at any moment. Reducing that 
number by even 10% or 20% could 
mean a revenue boost of between 1% 


and 3%, says Larry Kellam, director of 


business-to-business supply network 
innovation at the consumer goods 
maker. With over $40 billion in annu- 
al revenue, that would translate to 
more than $400 million in new rev- 
enue. 

But neither suppliers nor retailers 
will realize much benefit until the 
technology overcomes a series of 
technical and engineering hurdles. 
For instance, the tags need to come 
down in price. To do that, manufac- 
turers need orders for billions of tags, 
and they need to improve their manu- 
facturing processes to support those 
volumes. 

Tag readers also need to improve in 
both performance and price. In addi- 
tion, the software infrastructure to 
handle RFID tag data must advance 
past the work-in-progress stage, and 
standards need to be established to 
enable different vendors’ tags and 
readers to work together using a wide 
range of radio frequencies. 

“It’s one of the most overhyped 
technologies that we're talking about 
today,” says Jeff Woods, an analyst at 
Stamford, Conn.-based Gartner Inc. 
“It’s going to require a lot of creative 
thinking and hard work to get from 
vision to reality.” 





_ RFID RESOURCE GUIDE 


For more on RFID technology and a list of product 
vendors, visit our Web site: 


QuickLink a3530 
www.computerworld.com 


SECURITY MANAGER'S JOURNAL 


Faulty Rules Foul 

Router Protection 

Here’s how an administrator’s simple, 
time-saving step ended up voiding a 
router rule — and left a corporate LAN 
open to denial-of-service attacks. Page 32 


BU ce aR Meme iO Ree 
pere, Finland, contains a chip (the 
small black square) and a coiled anten- 
na that are connected by a bridge. The 
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Tags Get Cheaper 


AN RFID TAG, also known as a transpon- 
der, contains an antenna and a micro- 
chip that transmits information about 
the tagged item to a reader. The tag 
reader then converts the radio waves 
returned from the tag into a digital 
form that can be passed to computer 
systems. 

The technology has been used for 
years to track animals, collect toils on 
highways and grant access to buildings. 
But cost has kept RFID tags from being 
used on a large scale to identify and 
track goods in the retail supply chain. 

P&G’s Larry Kellam says tags were a 
dollar apiece in 1999 when the compa- 
ny began looking at RFID technology 
to curb counterfeiting and retail theft 
and reduce out-of-stock situations. So 
P&G joined The Gillette Co. and Uni- 
form Code Council Inc. as founding 
sponsors of the Auto-ID Center, an in- 
dustry-funded research project at MIT. 

One of the Auto-ID Center’s chief 
missions has been to find a way to re- 
duce the cost of RFID tags. The center 
recommends the use of passive tags 
containing a limited amount ef infor- 
mation, because chips with less memo- 
ry are cheaper. Passive tags draw pow- 
er from electromagnetic waves that 

Continued on page 26 
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Continued from page 23 

the tag’s readers generate, whereas 
more expensive battery-powered 
active tags broadcast signals. 

The Auto-ID Center’s researchers 
also realized that the tag’s silicon chips 
would need to be smaller to lower the 
cost. But reducing the size of the chips 
isn’t easy, since robots have trouble 
handling chips that are the size of 
pieces of glitter, notes Kevin Ashton, 
executive director of the Auto-ID Cen- 
ter, who is on loan from P&G. 

Alien Technology Corp. in Morgan 
Hill, Calif., an Auto-ID Center sponsor, 
is at the forefront of a new chip-pack- 
aging process called fluidic self-assem- 
biy that it hopes will reduce the cost of 
passive tags from 50 cents in small 
quantities today to 5 cents at a volume 
of 10 billion by 2006, says Tom Pounds, 
vice president of corporate develop- 
ment and product strategy. An Alien 
manufacturing line capable of produc- 
ing a billion units annually will go on- 
line early next year, and a second man- 
ufacturing line capable of producing 10 
billion units per year is planned for 
2005, Pounds says. 

Gillette made waves earlier this year 
when it negotiated a deal with Alien to 
purchase up to 500 million tags. Com- 
pany spokesman Paul Fox says Gillette 
will achieve its goal of a sub-10-cent 
tag for field tests over the next few 
years, although Gartner's Jeff Woods 
says he thinks Alien is losing money 
on that deal. 

Even though Gillette is doing pilots 
with European retailers on individual 
items, the company doesn’t foresee 
item-level tagging in production for at 
least 10 years, according to Fox. For 
that to happen, per-tag costs must 
drop to a penny or less, he says. 

Both Wal-Mart and Gillette have de- 
cided to focus on pallets and cases. 
The Bentonville, Ark.-based retailer 
this spring scrapped plans for a store 
trial with Gillette. Wal-Mart spokes- 
man Tom Williams says item-level 
RFID is years away for the retailer. 

Those testing the technology are en- 
countering challenges at the pallet and 
case level. Woods says some users are 
experiencing read rates of less than 
80% with tags. Wal-Mart found radio- 
wave interference problems in field 
tests of 500 pallets of paper towels. 

And metal and liquids don’t mix 
well with radio waves. That meant that 
P&G had to test different tags, since 
Bounty towels have different proper- 
ties than Pantene shampoo. 

“These problems are not fundamen- 
tal,” Ashton claims. “They will be 
solved with time and experience.” 


TECHNOLOGY 


Readers Are Fundamental 


A TAG READER COMMUNICATES with an 
RFID tag and passes on the informa- 
tion to software applications. Readers 
work with passive tags using a 
method known as inductive coupling, 
in which a reader’s antenna creates a 
magnetic field with the tag’s antenna. 
Although passive tags keep costs 
down, their readers can still cost 
more than $1,000, and most read only 
chips that use a single frequency. To 
address the problem, the Auto-ID 
Center designed reference specifica- 
tions for software-based “agile” read- 
ers that can read different types of 
tags and tags that operate at varying 
frequencies. Ashton predicts that the 
reader cost can be cut to $100 to $200 


| each at a volume of 10,000 units with- 
| in three years. 
“That’s an important step, because 

| it means you no longer have to have a 
| proprietary tag-reader combination,” 
says Jim Crawford, vice president of 
Retail Forward Inc., a research and 
| consulting firm in Columbus, Ohio. 
“Tt lets you put in a single infrastruc- 
ture to read multiple tags.” 

But Paula Rosenblum, an analyst at 
| Boston-based AMR Research Inc., 
| says there’s little evidence that the 
| price of readers is dropping. Many 
| readers don’t work reliably, she adds. 

The read range of a tag depends on 
the the reader’s power, the frequency 
| that the reader and tag use to commu- 


| 





The Software Conundrum 


EVEN IF ALL THE TAG AND READER issues are 
worked out, simply slapping tags on 
pallets, cases or individual products 
and installing readers won’t produce 
the real-time flow of data that retail- 
ers and suppliers need to gain the full 
benefits of RFID technology. RFID is 
going to change business processes so 
fundamentally that users will have to 
either install new, possibly experi- 
mental applications or endure a mas- 
sive rewrite of existing programs, 
warns Gartner’s Jeff Woods. 

“I don’t see anything [happening] 
with RFID-centric warehouse man- 
agement or manufacturing, or even 
retail processes,” he says. “It’s a clas- 
sic innovators’ dilemma, because 
everyone is so heavily invested in 


| bar-code-based infrastructure and 


processes that they are the least likely 
ones to make the wholesale transition 


| quickly.” 


The first applications will emerge 


| in the next two to three years, Woods 
| says. Emerging vendors, such as Oat- 


Systems Inc. in Watertown, Mass., are 
working on the problem, as are estab- 


| lished vendors such as Manhattan As- 
| sociates Inc., SAP AG and IBM. 


“Through 2007, we’re going to see 
primarily applications that use RFID 
tags in the context of bar-code-based 
processes — things like receiving at 


| the back door with an RFID tag in- 
| stead of a bar code,” Woods predicts. 
| “It’s the three-to-seven-year time 


frame when we will start to see en- 


The Auto-ID Center's Futuristic Vision for RFID 


1. Tags embedded with microchips and tiny 
radio antennas are affixed to products, cases 
and pallets, Each tag stores a unique electronic 
product code (EPC). 

2. Areader beams a radio wave that is picked 
up bya tag's antenna. The tag “wakes up” and 
broadcasts its EPC to the reader. 

3. The readers sends the EPCs to a computer 
tunning server software called a Savant. 

4. The Savant sends the EPC over the Internet 
ora private network to an Object Name Service 


(ONS) database server, 
which refers it to another 
server that contains informa- 
tion about the tagged product in Physical 
Markup Language (PML) format. 
5. The PML server sends the requested data 
back to the Savant. 
6. Through prebuilt application interfaces, the 
Savant sends the information to the back-end 
inventory, warehousing, manufacturing or retail 
systems. 


DUE FOR RELEASE IN SEPTEMBER 
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A stationary reader from Matrics Inc. in 
Cee) Ee Ma eM Corte (ele e lM 
held units for use at shorter range. 


nicate, and antenna size. 

Gene Alvarez, an analyst at Meta 
Group Inc., says a powerful reader 
will be needed to read a passive tag 
from long distances. The read range 
for a passive tag is now three to six 
meters, he says. 


tirely new processes come about.” 

The Auto-ID Center’s response to 
managing the flow of data is special- 
purpose server software, called a Sa- 
vant, which it predicts will be running 
in stores, distribution centers, offices 
and factories. Savants will gather, 
store and act on information and in- 
teract with other Savants, deciding 
which information needs to be for- 
warded up or down the supply chain, 
the center claims. 

Under the Auto-ID Center’s pro- 
posal, RFID tags will contain a limited 
amount of information in a 64- or 96- 
bit electronic product code (EPC). 


The reader pulls the EPC from the tag 


and passes it to a Savant, which in 
turn forwards it to an Object Name 
Service server and then a Physical 
Markup Language server on a local 
network or the Internet to find infor- 
mation stored about the product. The 
Savant can then retrieve the file and 
forward it to the company’s inventory 
or supply chain applications. 

“The Auto-ID Center moved the 
problem of data from the tag into the 
system,” says Steve Halliday, presi- 
dent of High Tech Aid in Gibsonia, 
Pa. But he predicts that some compa- 
nies will want tags that can store 
more data so they can find out the 
contents of pallets and cases on the 
spot where the tags are scanned, 
rather than having to connect to a 
Savant and other servers. 

“All that RFID does for a retailer or 
a manufacturer is give them more 
granular information about their 
products,” says Crawford. “Mastering 
that process is the critical efficiency 
issue for the next 20 years easily for 
retailers and manufacturers.” D 
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The first annual QUALCOMM 3G cdmA-List Awards honor the.most in vative and successful enterprise.wireless data 

solutions based on 3G CDMA2000 networks, devices and business ap} itions. The Awards w spotlight ess data 

implementations that demonstrate exemplary creativity, innovative industry use or quantifiable return-on-investment (ROP) for 
Li 

the winning companies. Presénted at a’private reception at CTIA Wireless IT 2 3, A-List widners will enjoy A-List treatment 

Las Vegas. Fo nominate your company-or one you deem worthy for the A-List, go to www.3qcdmalist.com today 

to find out how 3G CDMA can go to work for your business visit www.qualcomm.com/enterprise 
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IKE MANY COMPANIES, On- 

line Resources Corp. has 

deployed host- and net- 

work-based intrusion- 

detection systems (IDS), 
firewalls and antivirus tools on its net- 
works. But until it installed a security 
event management suite, the company 
had a hard time dealing with the del- 
uge of data pouring in from its various 
security systems. Not only was the in- 
coming data voluminous and highly 
unreliable, but the IT staff also had to 
collect it from each system and then 
manually correlate it. 

The Security Information Manage- 
ment suite from Edison, N.J.-based 
NetForensics Inc. has changed that by 
automating Online Resources’ process 
of gathering, consolidating, correlating 
and prioritizing that data, says Hugh 
McArthur, information security officer 
at the Reston, Va.-based online bill 
processor. “It has given us a single 
place where we can go to get the infor- 
mation we need,” he says. 

Many companies are turning to cen- 
tralized security event management 
tools to help them make sense of cru- 
cial security information, analysts say. 
The ever-increasing number of secu- 
rity appliances around the network 
perimeter has created a stream of data 
that needs to be analyzed and correlat- 
ed, says Michael Engle, vice president 
of information security at Lehman 
Brothers Holdings Inc. in New York. 
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SECURITY 


Security event management tools can 
consolidate and correlate data from disparate 
security devices across the network security 

perimeter, reducing the analysis workload. 
By Jaikumar Vijayan 
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New and proposed regulations that 
will require companies to constantly 
monitor their networks for security in- 
cidents are also increasing interest in 
these tools, says Michael Rasmussen, 
an analyst at Forrester Research Inc. in 
Cambridge, Mass. “There is a tremen- 
dous driver in the security standards 
and legislation area. The reason why 
people are buying [such technology] is 
a direct result of this,” he says. 


Volume Control 


IDSs, firewalls and antivirus software, 
as well as operating systems and appli- 
cations software, can detect and report 
an enormous number of security events 
daily, say users and analysts. 

For instance, the security incident 
management system at Lehman gath- 
ers and analyzes information about 
more than 1 million events from 15 
different systems daily, according to 
Engle. This includes data from IDSs 
and authentication systems, a tele- 
phony password reset system and an 
anomaly-detection system, as well as 
logs from Lehman’s main e-commerce, 
Windows and Unix systems. 

By year’s end, the firm hopes to have 
a new system in place that will help it 
gather and analyze more than 80 mil- 
lion daily events, including consolidat- 
ed firewall log data. 

Sifting through this volume of data 
without some sort of consolidation 
and correlation technology is nearly 
impossible, thereby making the data 
worthless, says Pete White, a security 
architect at Houston-based M.D. An- 
derson Cancer Center, whose own fire- 
walls generate between 15 and 30 alerts 
every second. Security event manage- 
ment software helps “separate the 
wheat from the chaff,” he says. 

Event management software can 
help cut through the noise, Engle 
agrees. The software works by collect- 
ing information from individual secu- 
rity systems such as IDSs and firewalls. 
While some products deploy agent 
software to collect the information 
flowing out of them, others just use the 
Simple Network Management Protocol 
reports and system logs generated by 
such systems. 

The tools then typically “normalize” 
the data by converting it into a com- 
mon format and automatically filtering 
out duplicate data, such as multiple 
entries for the same virus attack. The 
normalized data is then dumped into a 
central database or repository, where 
correlation software can match data 
from different systems and look for 
patterns that might indicate an attack 
or threat. 





SORTING THROUGH THE PRODUCTS 


Finally, threats are prioritized based 
on their severity and the importance 
of the systems that are vulnerable. 
Data that suggests an attack against 
a critical e-commerce server, for in- 
stance, would be given a higher priority 
than an attack against a file server. 

IT security administrators can view 
the information using a Web- or Java- 
based console, or dashboard, or the sys- 
tem can be configured to send alerts to 
pagers or other devices. Dashboards 
can give companies a real-time snap- 
shot of what’s going on inside the cor- 
porate network. “We are able to see 
events happen more quickly. It allows 
us to react faster if we see some activity 
bubble up in our systems,” says White. 

The benefits of deploying such soft- 
ware can be enormous, Engle says. 
When Lehman first installed an IDS 
in 1999, it generated more than 600 
alerts daily—most of them false 
alarms. Today, thanks to the event- 
correlation features of its management 
system, administrators receive fewer 
than 10 per day. The system today is 
“turning more than | million events 
down to less than 10 alerts,” Engle says. 
Such technology allows companies like 
Lehman to pinpoint threats far more 
efficiently, identify trends that might 





indicate an emerging threat and fine- 
tune incident response, Forrester’s 
Rasmussen says. 

The data that centralized event man- 
agement systems capture and store is 
also useful for forensic analysis, says 
Nitin Ved, chief operating officer at 
NetForensics. Such systems let compa- 
nies drill down into the details of an 
attack, piece together relevant infor- 
mation from different systems and 
quickly build a composite of events 
leading up to a security incident. 

The technology lets administrators 
do all this without the dedicated atten- 
tion to individual systems that would 
otherwise be required, says Bill Steven- 
son, security manager at Irvine, Calif.- 
based New Century Financial Corp., 
which uses the NetForensics suite. 


The Downside 
The events statistics maintained by 
security event-correlation systems can 
also be useful for measuring the effec- 
tiveness of IT security, says White. But 
as with any other technology, there are 
several major caveats associated with 
the use of such products. The biggest 
has to do with the quality of the data 
that is fed into such systems. 

The old adage “garbage in, garbage 





out” holds true with both event and 
incident management software, says 
Sweta Duseja, a product manager at 
security vendor Check Point Software 
Technologies Ltd. in Seattle. That’s 
why it’s important to ensure that the 
right filters and rules are set for cap- 
turing the information that’s fed into 
the system, Engle says. 

Indiscriminate data collection can 
create problems. For instance, every 
time a user clicked on CNN’s Web site, 
it generated 144 separate log events on 
Lehman’s systems, most of which were 
useless data. “Initially, we were send- 
ing too much data into the system be- 
cause we thought that would put us in 
a good place,” Engle says. 

Also, implementing event-correla- 
tion technologies often involves a de- 
gree of customization that may not be 
apparent at first, White cautions. De- 
spite the support for multivendor tech- 
nologies touted by several vendors, 
users often need to develop scripts for 
capturing information from specific 
security devices — an effort that can 
be time-consuming and costly, White 
adds. 

The tools can also impose quite a 
steep storage requirement on the orga- 
nization, depending on what it wants 
to do with the data, says New Centu- 
ry’s Stevenson. “It all depends on how 
many devices you are plugging into the 
system and how far back you want to 
go with the data. It can be for as little 
as a month or two or for as long as six 
years. You never know,” he says. For 
this reason, many products support up 
to 2TB of data out of the box. 

Despite the growing maturity of such 
technologies, no single product can 
gather ail the relevant security-related 
information from across operating sys- 
tems, applications and the network, 
Rasmussen says. For instance, while 
some products may excel at gathering 
network-level data, other products may 
do so at an operating system level. 

Upfront costs can be steep as well. 
Event management systems typically 
start at over $100,000. That puts them 
out of reach for many businesses that 
would otherwise be attracted to them, 
says Bill Spernow, chief information 
security officer at the Georgia Student 
Finance Commission in Tucker, Ga. 

But for organizations that can afford 
it, users and analysts say, the technol- 
ogy can yield rich benefits. D 


PRODUCTS AND VENDORS 


For a sample listing of vendors of security event 
management software, visit our Web site: 


QuickLink 40089 
www.computerworld.com 
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Subatomic properties 
will remake computing. 
By Gary H. Anthes 


| 


oe ee 


FUTURE 
WATCHS 


MAGINE A DATA STORAGE DEVICE 
the size of an atom, working at the 
speed of light. 

Imagine a microprocessor whose 
circuits could be changed on the fly. 
One minute, it would be optimized for 
database access, the next for transac- 
tion processing and the next for scien- 
tific number-crunching. 

Finally, imagine a computer memory 
thousands of times denser and faster 
than today’s memories. And non- 
volatile, so it retains its con- 
tents when the power is off. 

All of these and more are on 
computing’s horizon, thanks to 
the exploding field of spin- 
tronics. Spintronics, from 


| “spin transport electronics,” isn’t en- 
| tirely new. The spintronic effect called 


giant magneto-resistance was intro- 
duced by IBM in 1997 in its GMR disk- 


| read head. As a result, disk capacities 
| have jumped by a factor of 100 in the 


past five years. 
Electronic circuits are driven by 
electron flows, which have a charge 


| that can be measured and controlled. 





But electrons not only flow; they also 
spin like tiny bar magnets. Depending 
on their orientation, the spins are said 
to be “up” or “down.” 

This additional variable, or “degree 
of freedom,” means that electrons 
can do more things and convey more 
information than they do in conven- 
tional electronics. “Spin gives you an 
additional knob to turn,” explains 
Stuart Wolf, a program manager at the 
Defense Advanced Research Projects 
Agency (DARPA), which is funding 
much of the spintronics research in 
the U.S. 

The most immediate research goal 
is to produce magnetic random-access 
memory (MRAM), which stores data 
using magnetism rather than electrical 
charges. Unlike the dynamic RAM in 
your PC, MRAM is nonvolatile. 

IBM is working with Munich-based 
Infineon Technologies AG and says it 
will have MRAM in production as early 
as 2005. It will be 50 times faster than 
DRAM and 10 times denser 
than static RAM, and it 
could eventually replace 
both, says Stuart Parkin, an 
IBM fellow at the compa- 
ny’s Almaden Research 
Center in San Jose. 

Others have even sug- 
gested that MRAM might 
replace disks for data stor- 
age. Putting logic and stor- 
age in a single chip would 
eliminate the slow disk I/O that’s a bot- 
tleneck in most computer processing. 

IBM’s MRAM will use magnetic tun- 
nel junctions, an application of spin- 
tronics in which electrons are allowed 
to “tunnel” between two ferromagnetic 


| layers based on their spin. Each junc- 
| tion can store one bit. “It promises a 


sort of universal RAM with very high 
performance — high writing and read- 
ing speeds — plus very high density 


| and nonvolatility,” Parkin says. 


Nuclear Memories 

Further out, researchers are working 
on still more exotic applications of 
spin. David Awschalom, director of the 
Center for Spintronics and Quantum 
Computation at the University of Cali- 
fornia, Santa Barbara, is looking at 
what might be done with the spin of 


| an atom’s nucleus, a new idea. 


“The subatomic part of the atom 
would store the information, and the 
electron would act as the bus to carry 
information in and out of the nuclear 
subsystem,” Awschalom says. 

He aims to build an optical-based in- 
formation processor in which beams of 


| light would transfer information to the 





WHAT IT DOES 


Spintronics seeks to 
harness the spin of 
et ee Mm Lets 6 1 Ce) 
to their charge, to 
build superpowerful 
devices for comput- 
ing, communications 
and data storage. 
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nucleus through electrons. Such nu- 
clear memories would be “many or- 
ders of magnitude” denser and faster 
than traditional semiconductor memo- 
ries, he says. 

Indeed, more broadly, the thrust of 
spintronics research will be to com- 
bine electronics and photonics with 
magnetism — which traditionally in- 
volves metals — in semiconductor ma- 
terials. That will enable ultrafast and 


| ultraefficient submicron devices that 


integrate computing, communications 
and storage. The slow interfaces be- 
tween different materials that convert 
one kind of signal or property into an- 
other would be gone, and the latencies 
that typically slow the movement of 
data from one processing stage to an- 
other would be greatly reduced. 
“You'd have everything integrated in 


| amuch simpler circuit,” says DARPA’s 


Wolf. “They would be much like exist- 


| ing semiconductor devices, except the 
| current is spin-polarized.” That would 


enable, for example, the 
construction of very fast 
communication switches. 
“You could call it spin 
photonics,” he says. “They 
can easily operate at tera- 
hertz speeds.” 

A semiconductor device 
can’t use spin until a way 
is found to get spin-polar- 
ized electrons into it, and 
that has proved difficult. 
But IBM recently demonstrated that 
it can use magnetic tunnel junctions 
to inject the current, as they do for 
MRAM. 

IBM’s Parkin says spintronic semi- 
conductors could be used to build re- 
configurable logic devices. “So maybe 
your computer could be optimized for 
certain instructions by rearranging the 
way [logic] gates are connected, on the 
fly,” he says. 

Another tough challenge has been 
to create magnetic semiconductors 
that sustain their spin states at room 
temperature, but physicists, materials 
scientists and engineers have made 
tremendous progress on that front 
just this year. “We are not quite there 
yet,” Awschalom says. “But it’s a rap- 
idly moving field. If you’d asked me 
a year ago where we'd be today, I 
would have been largely wrong in 
my assessment.” 

The rapid development of spintron- 
ics seems likely to continue, says 
Awschalom. “The theory is in quite 


| sound shape. What’s exciting about 


this field is there are no obvious show- 
stoppers. There are many challenges, 


| though.” D 





HEADPHONES THAT OFFER SUPERIOR NOISE REDUCTION 
AND EXCEPTIONAL AUDIO. WHAT COULD BE BETTER? 


THE NEW AND IMPROVED MODEL. 


hen our original 
QuietComfort® 
headphones were _intro- 
duced, Upscale magazine 
called them “revolutionary.” 
The Boston Globe wrote, “with 
the Bose Acoustic Noise Cancelling 
headsets on, the airplane roar became a 
whisper.” And audio critic Rich Warren named 
them his “product of the year.” 


Imagine what you'll say about our new 
QuietComfort®2 headphones — which 
combine the exceptional noise-reduction 
technology of our original headphones 
with dramatically improved audio per- 
formance and enhanced convenience. 


REMARKABLE NOISE REDUCTION. 
We originally designed our noise-reducing headphones for airplane 
travelers. But customers soon started telling us how well they 
work in other noisy places. That's why our new QuietComfort®2 
headphones feature the same patented technology that electroni- 
cally identifies and dramatically reduces noise while faithfully 
preserving the music, movie dialogue or silence you want. So you can 
use them to concentrate at the office, reduce the whine of neighbor- 
hood lawn mowers or watch a movie during 
your next flight. Or simply relax in peace. 


PREMIUM SOUND. The improved audio 

technology inside our new QuietComfort®2 
headphones delivers sound so real, even the subtlest musical 
nuances come through with amazing clarity. When audio critic 
Wayne Thompson heard our new QuietComfort®2 headphones, he 
reported, “Bose engineers have made major improvements.” 
If you're a headphone user, we think you'll agree — this technology 
makes your music sound better. The details come shining through. 


New quiercomeanae 
Acoustic NoIsE 
CANCELLING® HEADPHONES. 


ENHANCED CONVENIENCE. 
Their new fold-flat design means 
they'll slip easily into a bag or brief- 
case. You can listen to portable 
CD/DVD/MP3 players, home 
stereos, computers and in-flight 
entertainment systems — or 
nothing at all. And you can wear 
them for hours, because we've 
ade them so lightweight and comfort- 
WET says, “They feel good — even lux- 
BUS — On your ears.” We say it's easy to 

forget you have them on 


TRY THEM FOR YOURSELF — RISK 
FREE. We don't expect you to take our 
word for how dramatically our new 
headphones reduce noise, how clean 
and full they 
sound or how comfortably they fit 
So we invite you to try them for 30 days 
If you can live without them, return 
them for a full refund. It's that simple. 

Call and ask about our 12-month interest-free payment 
plan.* And discover the kind of performance that has made Bose 
the most respected name in sound 


CALL 1-800-901-0199, EXT. Q@2151 


For information on all our products nieniidiuaib com/q2151 
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Foul 


Router Protection 


Amisconfigured access-control list leaves 
a global network open to a denial-of-service 
attack. By Vince Tuesday 


HIS WEEK, my team and 

I discovered a vulnera- | 

bility in the Cisco Sys- | 

tems Inc. equipment we | 

use in our global network. 
There are 253 possible IP- 
based protocols inIP Version | 
4, and the majority of Cisco 
routers and switches have a 
serious problem with four of | 
them. The flaw leaves un- | 
| 


patched equipment open to de- 
nial-of-service attacks. 
Once the Cisco de- 


vice receives a certain SECURITY 
MANAGER'S 
JOURNAL & 


number of IP packets 
of Type 53, 55, 77 or 
103, it stops function- 
ing. If a switch or 
router doesn’t know 
what to do with a given pack- 
et, it just leaves it in the queue 
until the queue fills up and the 
device stops working. 

The first reports of this vul- 
nerability made it clear that 
the packets had to be targeted 
at the router being attacked in 
order to succeed. I immediate- 
ly thought we would be fine, 
since our core routers have 
access-control lists (ACL). We 
set these up to operate like a 
minifirewall that can allow and 
deny various kinds of traffic. 

To protect our routers, we 
set a rule that routers accept 
specific traffic types coming 
only from our internal man- 
agement machines. We don’t 
bother listing every kind of 
bad data. Instead, we drop 
everything except the handful 
of things we need. So our 
routers drop those four vul- 
nerable protocols without 
processing them, along with 
every other IP-based protocol 
except TCP and the User 
Datagram Protocol. 

This meant we didn’t have 
to do anything. Or did it? We 


checked our internal routers 
to make sure the right protec- 
tions were in place and then 
performed the same check on 
our Internet-facing routers. 
Our firewall drops the four 


| protocols mentioned earlier, 
| so it would be difficult for 


someone to attack our internal 
routers. However, the external 
routers that connect to multi- 
ple Internet service providers 
have to be outside 
the firewall, and so 
they might accept 
those protocols if 
they were miscon- 
figured. 

I checked our ex- 
ternal-facing routers 
from a remote provider’s site, 
connecting to each and scan- 
ning to see on which protocols 
and ports the routers were 
listening, and I was very sur- 
prised when one answered 


on Telnet. 


We use Telnet to manage 
some of our routers because 
not all versions of Cisco’s In- 
ternetworking Operating Sys- 
tem (IOS) support Secure 
Shell, our preferred encryp- 
tion method. But Telnet wasn’t 
supposed to accept connec- 


| checked our 
external-facing 
routers... 
and was very 
surprised when 
one answered 
on Telnet. 





| tions from outside our compa- 


ny. The router’s ACL should 
have limited connections to 
only those from authorized 
devices with addresses inter- 


nal to our network. 


As it turned out, the ACL 
had been applied correctly, 
and other traffic was being 
dropped as designed. Then I 
noticed that the IP address in 
the rule didn’t match the IP 
address of the router I was 
examining. It belonged to an- 
other Internet-facing router. 
A network administrator 
must have cut and pasted 
the rule set for the router’s 


| ACL without editing the IP 
| address. 


After we corrected the IP 
addresses in the ACL, we 
thought we could rest easy: 


| No attacker could get any 
| flawed data to our machines. 


TTL Tempest 


| I have to despise attackers. It’s 
| a professional requirement of 
| the security field to hate those 
| who make our lives difficult. 


But once in a while, I have to 
give the brightest ones a bit 


| of respect. 


Some clever person figured 


| out that you might not have to 


send traffic to a router to get it 


| to process the data. Every pack- 


et on the Internet has a Time 
To Live (TTL) counter setting, 
and every time a router han- 


| dles a packet, its number de- 


creases by 1. This keeps pack- 


| ets from circulating forever. 


If the TTL reaches 0 while 


passing through a router, then 
| that router must process the 

| packet to decide if someone 

| needs to be sent a warning 

| that the packet didn’t make it. 
| I received an e-mail security 


alert from a trusted source 
that said if you arrange the 
TTL of Packet Types 53, 55, 77 


or 103 so that they reach 0 


just as they hit a Cisco router 


| like ours, that router will 








process the packets despite 
the ACL settings. The packets 
won't match the ACL, as they 


| aren’t destined for that router 


but for addresses behind it. If 
the router processes packets 
with these four IP-based pro- 
tocols, then the packets will 
get stuck, and the router will 
fill up and stop. 

That’s clever but annoying, 
because it meant we would’ve 


| had to make sure that we had 


deployed not only the right 
ACLs but also the new ver- 
sions of IOS to fix the prob- 
lem. Each time we thought we 


| had this problem under con- 


trol, it popped up again. We 
can test a new release of IOS, 
but it takes time and is risky to 


| deploy, whereas ACLs are well 


understood and low risk. 
Then, as we were rushing 
about with our testing, Cisco 
contacted us to say that this 
risk doesn’t exist. [t said the 
routers discard the TTL pack- 
ets without problems. Were 


| the hackers wrong? I have to 


trust that Cisco knows best 
what its equipment can do. 

Once the new version of 
IOS is out of testing and de- 
ployed, we'll be safe. Until 
then, we'll closely monitor 
how well the ACLs are pro- 
tecting us. 

The strangest thing about 


| this whole issue has been 
that a large number of our 


customers have asked what 
we’re doing about it. I don’t 


| understand this. I would never 
| ask another company what it 

| was doing, since the answer 

| wouldn’t cause me to do any- 


thing differently. 
I also don’t have the re- 


| . 
sources to ask every supplier 


what it’s doing about such is- 
sues. Rather than try to have 
enough people free to collate 
all that information, I'll just 
protect myself from the possi- 
ble attack, be safe and not 
worry about what others do. B 


| WHAT DO YOU THINK? = 


This week's journal is written by a real 
security manager, “Vince Tuesday,” whose 
name and employer have been disguised 


| for obvious reasons. Contact him at vince. 


tuesday@hushmail.com, or join the dis- 
cussion in our forum: QuickLink a1590 
To find a complete archive of our 
Security Manager's Journals, go online to 
© computerworld.com/secjournal 
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Security Bookshelf 
Secure Coding: Principles and 


about writing 

secure code is 

quite timely. 

The authors of 

this guide have plenty of expe- 
rience in trying to produce se- 
cure code, and those experi- 
ences shine through in the 
many real-world examples 
they give and the practical ap- 
proaches they take in architec- 
ture, design, implementation, 
operations and testing. 

This is an excellent book to 
dip into for ideas to improve cod- 
ing practices in your organiza- 
tion. It doesn’t go into all the 
technical details, but it does help 
you make sure that you're ask- 
ing the right questions. Secure 
Coding includes a comprehen- 
sive bibliography and Web links. 

- Vince Tuesday 


Most Underrated 
Vulnerabiliti 


The STAT network security 
unit at Melbourne, Fla.-based 
Harris Corp. released its list of 
the most underrated and most 
overrated security vulnerabili- 
ties a week ago. Remote pro- 
cedure call vulnerabilities 
probably wouldn't top the list 
after last week's bout with the 
Blaster worm: 
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SHARP. 


Digital Document 
Security and IT: 
Everything you 
need to know. 


¢ What are the most significant 
e digital copier security issues? 


¢ How does Sharp protect the 
e network interface? 


A: 


@ How can you be sure that 
e security products actually 
perform as claimed? 


@ How can Sharp improve IT 
e security? 


sharpusa.com 


be sharp” 
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DAN MEZICK 


Outsourcing 2.0: 
Collaborative Development 


ORPORATE IT is in the middle of a 
huge sea change. The Internet has 
made it possible to cut IT costs by 
50% or more by employing out- 
sourcers in jurisdictions with low 
labor costs. What’s the next wave, and what are 
the implications for corporate IT departments? 


The answer is com- 
plicated, but the impli- 
cations are clear: We’re 
moving toward a new 
model for IT outsourc- 
ing, which I call Out- 
sourcing 2.0. At the cen- 
ter of this model are 
new tools that enable 
global collaborative 
development. 

In a few short years, 
corporations are going 
to be paying big money 
for IT professionals 
who can fill a hot new 
job title: collaborative 
development manager. 

This manager will marshal devel- 
opment teams dispersed over the 
globe and tie them together with 
peer-to-peer (P2P) tools to create 
great software. The result will be 
cost savings that exceed the off- 
shore model. 

The tools, which are critical 
connecting points, are here now. 
The open-source community has 
built and leveraged P2P developer 
tools for years. Now Microsoft de- 
velopers can, too. The company 
is hosting an application service 
provider version of SourceSafe on 
www.GotDotNet.com. 

Microsoft has also announced 
collaboration features in the up- 
coming Whidbey version of Visual 
Studio. These features will enable 
developer collaboration worldwide 
and signal that collaborative devel- 
opment is a trend — and not mere- 





ly a fad. This is con- 
firmed by Mike Werner, 
director of Microsoft’s 
emerging business team 
in Boston. “Developer 
collaboration is promot- 
ing community at all 
levels of the software- 
development ecosys- 
tem,” he says. “We rec- 
ognize that one size 
doesn’t fit all, and we 
have to be flexible in 
how we build tools and 
programs for this dy- 
namic segment.” Trans- 
lation: Developer collab- 
oration is a big, Web- 
enabled deal that can’t be ignored. 
What's driving the collaboration | 
trend, and what does it mean for 


| U.S. corporations? First, the wage 


disparity. Offshore compensation 
will rise, U.S. compensation will 
fall, or some combination of the 
two will occur. Direct collaborative 
development between U.S. IT man- 


| agers and freelance offshore devel- 
| opers will drive this trend further. 


Second, specialized service firms 
such as Assembla are catering to 
small companies with bare-bones 
budgets. Over time, these firms will 
target midsize U.S. corporations. 
Larger businesses, valuing pre- 
dictability equally with cost sav- 
ings, are content with traditional 
offshore outsourcing. But that will 
change as some use a mixed model 
and explore the use of collaborative 
P2P development tools. 





The key to this is that IT shops 
stateside will need truly talented 
IT pros to pull it all together. Skills 
needed will include four to six 
years’ IT experience, project man- 
agement skills and solid business 
knowledge. I expect U.S. IT shops 
to start looking seriously at train- 
ing IT managers to handle these 
collaborative project tasks. Al- 
ready, the most confident foreign 
developers and the most cost-moti- 
vated small software start-ups are 
doing just that. 

Astute IT pros with the requisite 
skills will immediately get aligned 
with these forces and create a new 
job in U.S. IT — the collaborative 
development manager. U.S. compa- 
nies that have large IT shops might 
begin looking at the Microsoft 
tools, experimenting with training 
and deploying IT managers to ex- 
plore the potential. As the trend 
gains momentum, a mass of late- 
comers will join the game. 

One aspect corporations will 
have to manage is the close work- 
ing relationships between IT man- 
agers and developers dispersed 
throughout the world that will de- 
velop with the help of daily e-mail. 
If improperly managed, there could 
be problems in these relationships 
if and when an IT manager departs 
for greener pastures. Expect IT 
pros with a proven track record 
in this area to become targets of 
bidding wars. 

The IT megatrend toward collab- 
oration and P2P technologies is ac- 
celerating worldwide. Corporations 
that experiment now by finding the 
right people to make the new col- 
laborative model work will enjoy 
cost savings not available by any 
other method. P 
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Want to cut your IT costs without sacrificing 
performance? PRIMEPOWER Servers from Fujitsu. 


The secret is out. PRIMEPOWER”™ Solaris”- compatible 

servers from Fujitsu® deliver a major breakthrough in 

price/performance compared to our more famous 

competition. Want proof? PRIMEPOWER servers offer 

such an advantage that the world’s leading com- 
panies use them to boost their performance. And there’s a 
PRIMEPOWER server that’s right for any application you need— 
from single CPU, rack-mounted servers to enterprise-ready 
systems that scale to 128 CPUs for unsurpassed performance in 
the data center. 
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Don’t Panic, Push Back 


Worried about a software audit? The worst 
thing you can do is panic. The best thing to 
do, says Portland Public Schools CTO Scott 
Robinson (left), is stand strong and make your 
case against the vendor visit. Page 42 


| alicia ili Ready or Not? 


Check out this new book 
to help you rate your 
company’s preparedness 
for embarking on a CRM 
project. Page 40 





ITH THE ADVENT of 
Song this past spring, 
Delta Air Lines Inc. is 
making a second run 
at the low-fare airline 
market. But whereas 
early low-fare legends like Southwest 
Airlines Inc. billed themselves as no- 
frills, low-tech and high-touch carriers, 
Song touts high levels of all three. 

Promoting itself as the “all-digital 
airline,” Song plans to use a barrage of 
in-flight amenities and entertainment 
to go head-to-head with the leather 
seats and individual seat-back satellite 
TV screens of JetBlue Airways Corp., 
which has been poaching with impuni- 
ty in Atlanta-based Delta’s New York- 
to-Florida backyard. (Song may soon 
face an additional competitor in a 
planned low-fare entry from UAL 
Corp.’s United Air Lines Inc.) 

Song is using a common-sense 
blend of technology and people power 
to drive costs down and revenue up, 
while functioning as a pilot project 
for the greater Delta operation. 


High-Tech Package 


Song is targeted at cost-conscious 
leisure travelers, taking over routes 
from the defunct Delta Express, whose 
demise from cost overruns was partly 
tied to its low-volume, 119-seat 737-200 
jets. Song flies to vacation destina- 
tions, so far mostly in Florida, using a 
fleet of 199-seat 757s. (Adding a 200th 
seat would have required an additional 
flight attendant.) 

Song took off on April 15, but it’s still 
shaking out and gearing up its opera- 
tions. It plans to entice travelers with 
free seat-back digital television and 
will offer movies, cached Internet con- 
tent for shopping (uploaded at the end 
of the flight), MP3 audio, and video 
games that can be played with other 
passengers — all for a price. It will also 
be the first airline to sell brand-name 
food, snacks and drinks and accept 
credit card payments in flight. 

Unfortunately, the much-hyped en- 
tertainment won’t begin being phased 
in until October, and it won't reach all 
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OPINION 
The True Costs of Software 


A simple TCO analysis isn’t enough 
to figure out the underlying costs 
of “free” software, says columnist 
Alan MacCormack. Page 44 





Delta's new all-digital’ Song airlineis a 
testbed for technology and productivity 
improvements. By Kathleen Melymuka 


says there’s been no tug of war over technology between Delta and Song. 


Deltas it 


36 planes until March 2004. “A tough 
way to start — with a bunch of disap- 
pointed customers,” says Mark Riseley, 
a Gartner Inc. analyst who studies the 
low-cost airline industry. To counter- 
balance that, he says, Song needs to 
lead on price and service, and that’s 
where its ability to leverage Delta 
technology can make a difference 
(see “The Delta Nervous System. 

next page). 

“When the business decision was 
made to launch a new airline, re- 
sources came from all over: applica- 
tions, middleware, engineering, field 
services. We all rallied,”says John Jaco- 
bi, vice president of customer systems 
at the airline’s information services 
arm, Delta Technology Inc. “Song is 
just as important” to Delta Technology 
as Delta’s main line is, he noted. 

The result is an impressive package 
of technology — from kiosks to bar- 
coded boarding passes — to cut costs, 
improve service and boost productivity. 

Quick boarding is the key to one of 
the biggest cost-saving innovations at 
Song: the 50-minute turn. (A turn is 
the time it takes to discharge passen- 
gers and baggage; clean the plane; take 
on new passengers, baggage and sup- 
plies; and be ready for take-off.) “The 
biggest deal from an efficiency stand- 
point is to keep the airplanes flying,” 
says Joe Serratelli, vice president for 
productivity at Song. “That’s how com- 
panies drive revenue.” 

Southwest achieved its envied cost 
structure partly as a result of turning 
its 737s in 20 minutes. Song’s 50- 
minute turn is enabled by proprietary 
technology in the air as well as cre- 
ative use of technology on the ground. 
For example, at Song, the gate informa- 
tion screens double as movie screens 
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A Y (www. 
flysong.com) that assists cus- 
tomers in finding the lowest fares, 
buying tickets, checking in and 
printing boarding passes at home 


# Kiosks for automated check-in 
cue Ulcee lene at 
Te 

(coming later this 
year) that will enable customers 
to find a flight and book a ticket 
without human intervention 


af that 

facilitate boarding and reassign- 
LGA Ce EMR Ue Telit 
of a flight cancellation 


z to 
update passengers on flights, 
stand-by or upgrade status, and 
Nicr-UCucim@ee LM tiles (crc (ar Lele Tame) 

to redirect them in case of a gate 
change or cancellation 


for mock horror films like The Thing 
That Wouldn’t Get Out of the Aisle. 
“People chuckle, but they learn some- 
thing about how to board more effi- 
ciently, and we pick up a couple pre- 
cious moments there,” says Serratelli. 
As a result, Song’s aircraft spend 23% 
more time in the air than counterparts 
in Delta’s main line. 

Although Song and Delta share tech- 
nology resources, Jacobi says there’s 
no tug of war because Delta sees Song 
as a testbed for new ideas. “Things that 
work can easily be scaled for Delta,” 
explains Joanne Smith, vice president 
of marketing and customers at Song, 
adding that the 50-minute turn is al- 
ready being considered for adoption 
by the larger Delta. 

Technology can help to keep a lid on 
costs, but it takes more to make a suc- 
cessful airline, Riseley says. “The low- 
cost airline industry is not just about 
delivering to-the-bone cost; it’s decent 
service at to-the-bone cost,” he ex- 
plains. “The customer expectation is 
‘cheap and cheerful,’ and there’s got to 
be equal emphasis on both.” 

For example, he says that self-service 
check-in will make a significant dif- 








ference — if people use it. “But there 
is a hand-holding part of the process 
where you have to get people used to 
the machines,” Riseley says. 

Song understands that and has 
heavily integrated people and tech- 
nology in airport lobbies. “If you just 
throw kiosks out there and hope peo- 
ple will find and love them, that doesn’t 
work,” Serratelli says. “It works better 
if employees are there in the lobby 
as meeters and greeters, directing 
people.” 

This approach has helped Song ex- 
ceed its goal of 80% alternative check- 
in at some airports, he says. 

Song isn’t afraid to use less-sexy 
technology when it makes sense. “The 
age-old problem for airports is pockets 
of time where we're not busy and oth- 
ers where we're getting clobbered 
[with crowds]. But you've got fixed 
staffing,” says Serratelli. Delta and 
Song have addressed that problem in 
some airports with banks of phones 
connected directly to reservations 
agents who can help customers check 
in or change itineraries without wait- 
ing at the counter. The result, he says, 
is “fewer [customers] standing in line, 
and we don’t need to have as many 
people on the front end.” 

People are the one cost that could 
scuttle Song despite its technology, 
Riseley says. Because Song has hired 
from within Delta, it has the same per- 
sonnel costs as the larger airline and _ 
won't have a cost-cutting culture built 
in from the beginning, as a true start- 
up could. “Keeping costs low is not 
just a recipe you follow,” he says. “It’s 
about a philosophy of cost control, and 
that has to apply right across the busi- 
ness and across the staff you hire.” 


Tech Competition 

Whether technology can make enough 
difference to keep Song in the air is 
difficult to answer. Delta won’t divulge 
how much it saves on Web reserva- 
tions and technology-enabled check-in 
vs. person-to-person transactions. But 
Riseley says a reservation done via a 
private Web site can save $4 per trip 
segment (takeoff and landing) over 
one done through a global reservation 
system, and an e-ticket saves about $5. 
Trouble is, these technologies are 
quickly becoming standard. “There’s 

a lot of that in travel already,” he says, 
so they won’t offer much of an advan- 
tage over rivals. 

How much revenue can be gained 
through in-flight sales and digital en- 
tertainment is still unknown, but Rise- 
ley notes that Ryanair.com Ltd., a low- 
cost airline in the U.K., derives 10% of 








é When the busi- 
ness decision 
was made to launch a 
new airline, resources 
came from all over: 
applications, middie- 
ware, engineering, field 
services. We all rallied. 


JOHN JACOBI, VICE PRESIDENT OF CUS- 
TOMER SYSTEMS, DELTA TECHNOLOGY INC. 


its operating revenue from hawking 
goods and services during flights. “So 
there is a potential for ancillary rev- 
enue to be important,” he says. 

Song is also planning to give busi- 
ness partners such as American Ex- 
press Co. a shot at its captive digital 
audience for a fee. 

Song’s onboard technology promises 
to be fun. Whether it will draw travel- 
ers is yet to be seen. Its cost-cutting 





| technologies, for the most part, aren’t 


unique, but they are comprehensive. 
Its revenue-enhancing schemes seem 
like drops in the bucket, but at low- 
cost airlines, every dollar counts. Its 
personnel costs are a big challenge, but 
with the smart use of technology, Song 
seems to be providing good service 
with fewer people. 

Whether Song can succeed may 
depend on how you define success. 
“Stand-alone profitability is not the 
only way to measure success in this 
venture,” said analyst Gary Chase ina 
recent equity research report for Leh- 
man Brothers Holdings Inc. “The true 
barometer of success will be its impact 
on JetBlue.” 

“Song is a defensive move,” Riseley 
agrees. “If it maintains Delta’s overall 
market position and stops JetBlue’s ad- 
vance, that may be enough.” D 


Melymuka is a Computerworld con- 
tributing writer. You can contact her at 
kmelymuka@yahoo.com. 
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NE OF THE BIGGEST MYTHS 
about CRM is the idea 
that any company can 
embrace it and expect re- 
sults. Well, that’s like 
thinking anyone can run 
the New York Marathon. 

Depending on your physical readiness 

(in terms of weight, training and en- 

durance), you could be months or years 

away from even entering, let 

alone completing, the race. 

Similarly, a minimum “orga- 

nizational readiness rating” 

(in terms of customer, 

process and systems maturi- 

ty) must be in place for 

CRM to happen successfully. 

Since CRM is about iden- 
tifying, retaining and increas- 
ing the profitability of your 
best customers, something 
every business under the sun 
ultimately wants to do, it 
seems like the last question 
you’d want to ask is whether 
CRM is for you. Unfortu- 
nately, because you have only a one in 
five chance of success, and simply at- 
tempting the feat will cost $5 to $15,000 
per user per year, you want to be very 
sure you can answer this question. 

You should be looking at CRM only 
if you have a large number of cus- 
tomers (say, more than 5,000), the typi- 
cal customer is worth a lot in terms of 
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profits, and you have a large sales staff 
trying to sell complex, customized 
products in multiple channels (see 
quiz, next page). If not, then the costs 
and disruption that CRM entails won’t 
be worth the benefits, and you should 
look to process improvements and 
simpler tools like contact managers or 
Web-based application services. 

The key to CRM success is to ana- 
lyze your company’s matu- 
rity in four areas: customer 
focus, process, systems and 
people. 


Customer Maturity 


Most companies have a 
very good idea of what it 
costs to build and ship a 
product or create a service 
and the overall revenue 
generated. But a customer- 
focused company wants to 
know the following: 

w Whois likely to buy a given 
product or service? The an- 
swer would enable us to 

target prospects with a similar profile 
and convert them to customers. 

m Why do customers leave for the compe- 
tition? The answers would enable us 
to fix the associated problems and to 
identify other customers facing similar 
issues and prevent them from possibly 
leaving as well. 

w How do customers actually use a product 


CRM: 


Book Excerpt: Figure out your ‘organiza- 
tional readiness rating’ before starting a 
CRM project. By Michael Gentle 


4 





or service, and what's the nature of their in- 
teractions with the company? The answers 
would enable us to identify opportuni- 
ties for cross-selling and upselling. 

Customer maturity is therefore a 
measure of how far a company has 
evolved from a product-based model 
(moving products out the door at mini- 
mum cost) to a customer-based model 
(who’s buying our products, why do 
they like us, how can we measure satis- 
faction, why do they leave, and how 
can we sell them more?). 

Companies with a high level of cus- 
tomer maturity try to identify the most 
profitable customers, quickly answer 
customer questions and even talk to 
ex-customers to figure out why they 
left. These are steppingstones to CRM 
and could result in IT systems such as 
a data warehouse, sales force automa- 
tion, a marketing information system 
and a one-stop call center. 

But each of those evolutionary steps 
can take six months to two years or 
more and cost millions of dollars in the 
process. So the higher the level of cus- 
tomer maturity, the lower the barriers 
on the road to CRM. 


Process Maturity 

The ease with which CRM tools and 
technology can be absorbed into the 
enterprise is directly dependent on 
how mature the processes are in the 
customer-facing functions of sales, 
marketing and customer service. 

Consider the field of software engi- 
neering, where it became readily ap- 
parent that the ability of an IT organi- 
zation to absorb computer-aided soft- 
ware engineering tools was directly 
dependent on the IT department’s 
process maturity. This led to the fa- 
mous process maturity levels defined 
by Watts Humphrey of the Software 
Engineering Institute: 

@ Level 1: Processes are “anything 
goes” and lack even rudimentary pre- 
dictability of schedules and costs. 

@ Level 2: Processes are stable and 
repeatable. There’s rigorous manage- 
ment of commitments, costs, sched- 
ules and changes. 

w Level 3: The organization has de- 
fined the methodology and can consis- 
tently apply it with standard metrics. 
At this point, advanced technology can 
usefully be introduced. 

@ Level 4: The organization now has 
a foundation for continuing process 
improvement. 

It doesn’t take much imagination to 
see that those maturity levels could ap- 
ply equally well to processes like sales, 
marketing and customer service. Cus- 
tomer service and order management 
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departments are by definition process- 
oriented. Sales and marketing depart- 
ments, however, are notorious for their 
lack of process. It’s routine for market- 
ing departments to have little or no 
idea of campaign effectiveness. As for 
sales reps, they’re inherently individu- 
alistic and averse to rules — what 
counts is closing the deal; the “how” is 
secondary. Between first contact with 
a prospect and the closing of a deal, 
black magic is alive and well! So this is 
an enormous opportunity to improve 
sales and marketing processes. 

A maturing sales and marketing de- 
partment is focused on metrics such as 
the sales lead-to-close ratio and the 
sales cycle duration. Such metrics are 
inextricably linked to CRM and could 
result in IT systems such as sales force 
automation, an order configurator and 
interfaces between systems to elimi- 
nate the rekeying of information. 

Companies not yet at the repeatable 
process stage will find it extremely dif- 
ficult, if not impossible, to implement 
CRM software, for the simple reason 
that there are no processes to automate! 
Instead of jumping into the deep end of 
CRM, they should instead concentrate 
on defining their basic processes and 
gradually automating those processes. 


Systems Maturity 


Systems maturity 
is a measure of 
how far a compa- 
ny’s systems have 
that build them. evolved to reflect 
ae its level of cus- 
tomer and process 
maturity. The most important measure- 
ment of systems maturity is the evolu- 
tion from islands of automation to in- 
tegrated systems that share and pass in- 
formation across functional boundaries. 

A company with a low level of 
systems maturity would have com- 
pletely disparate systems — and no in- 
formation-sharing — for sales, orders, 
delivery, billing and customer service. 
An intermediate level of maturity would 
have interfaces between some of those 
systems, some information-sharing and 
a partial view of the customer’s life 
cycle activity. 

At the highest level of maturity, 
there’s full information-sharing and a 
full view of the customer and inter- 
faces to back-office systems. Plus, deci- 
sion support becomes part of the land- 
scape, with transactional data consoli- 
dated to form a data warehouse (and 
possibly spin-off data marts). 

The growth in systems maturity is a 
long-term process, with key interfaces 
and a data warehouse taking up to two 


Systems tend 
Cometic 
the organizations 
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The CRM - 
Readiness Quiz 


Test your company’s maturity 
to see if it’s prepared for a CRM project. 


PART 1: SHOULD YOU EVEN CONSIDER CRM? 


m Do you have a large number of people (more than 30) in sales and 
service in direct contact with customers? 


YES or NO 


Are you in a highly collaborative environment, with customer inter- 
action requiring input from multiple players in sales and service? 


# Do you sell complex products that require a high degree of configu- 
ration and customization? 


# Do you have a large number of customers (more than 5,000)? 


a |s a typical customer relationship worth a lot to you from a profit 
standpoint (will it cost you a lot to lose one)? 


w Can your customers interact with you across multiple channels? 


# Do you have frequent contact with large groups of customers, or all 
customers, across multiple channels? 


= Do you need to customize what you're saying to each customer 
through these channels? 


Scoring: If you have three or fewer yes answers, your company isn’t a 
candidate for CRM. Instead, consider simple tools like contact man- 
agers or Web-based applications, and fix the business processes. If 
you have four or more yes answers, then score one point and continue. 


PART 2: RATE YOUR MATURITY LEVELS 


aw Customer maturity: is the same unique customer identifier (real or 
cross-referenced) used in at least two of the following systems: 
saies, ordering, billing, customer service? Yes = 2 points 


# Process maturity: Do you have repeatable processes in the follow- 
ing functional areas? 


Marketing: Yes = 2 points ¢ Sales: Yes = 3 points 


¢ Order management: Yes = 1 point * Billing: Yes = 1 point 


Customer service: Yes = 1 point 


Add the points and enter the total in the box 
= Systems maturity: 


Do you have a data warehouse that consolidates information about 
customers and products? Yes = 3 points 


Do you have an automatic interface between sales and order man- 
agement (no double entry)? Yes = 2 points 


Do you have an automatic interface (no double entry) between cus- 
tomer service and at least one of the following systems: sales, order 
management, billing? Yes = 2 points 


Add the points and enter the total in the box 


= People maturity: Are your people sufficiently motivated to embrace 
CRM concepts and tools because they're relevant to their jobs? 
Yes = 3 points 


# Start-ups: Is your company in start-up mode or less than two years 
old? Yes = -5 (subtract 5 points) 


Scoring: Add the scores from Part 2, plus the one point from Part 1 
and enter the total here. 








SCORING: 


¢7 points or fewer: Your company isn’t ready for CRM. Concentrate on process improvement and simple tools like contact management software or Web-based applications. 

¢ 8-14 points: Your company is ready for CRM, but much more work remains over the next 12 to 36 months before CRM will yield tangible benefits. 

¢ 15-21 points: This is a rare occurrence! Your company is ready for CRM because of a sufficiently high level of maturity in terms of customers, processes, systems and people. 
CRM is a logical extension of what you already do and will yield benefits in as little as 12 to 24 months. 


years or more to accomplish. But these 
are the building blocks for CRM. 


People Maturity 


Last but not least, let’s not forget about 
people, without whom no process or 
system is going to work anyway. Peo- 
ple aren’t going to spontaneously em- 
brace CRM; they have to be motivated 
to do so. 

Students of psychology and motiva- 
tion know about Maslow’s triangle, 
which explains how motivation is 
based on personal and environmental 
prerequisites, called the “hierarchy of 
needs.” You can’t ask people to em- 
brace concepts like achievement and 
status (esteem) if they haven’t got the 
basic prerequisites of food and shelter 
(physiological). Similarly, it would be a 





mistake to assume that people will be 
naturally motivated to embrace CRM 
just because it makes sense and is good 
for the customer and the company. 
Certain personal and environmental 
prerequisites will also therefore apply. 

In the CRM hierarchy of needs, peo- 
ple will be more likely to be motivated to 
take up CRM if their job descriptions are 
relevant to it. This would then be made 
even easier if they’re generally satisfied 
with their careers, benefit from a good 
working environment and don’t have 
to worry about losing their jobs. 

In practice, the biggest problems with 
CRM motivation are caused by bolting 
CRM responsibilities onto existing jobs 
without redefining performance and 
pay. Think of call center agents whose 
performance criteria are rarely linked 





to real customer satisfaction, but to 
throughput based on routine tasks with | 
little intellectual challenge. A company | 
will spend millions of dollars imple- 
menting a CRM system, then put it in 
front of call center agents earning mini- 
mum wage whose performance criteria 
is based on call quantity rather than 
quality. Another example is in sales, 
where it’s difficult to get top-perform- 
ing salespeople to buy into CRM when 
they associate it with de-skilling their 
jobs and helping their managers look 
over their shoulders and give away the 
best bits of their territories to others. 
It’s not sufficient for a company at 
the executive level to buy into CRM, 
then preach the gospel to the rest of 
the people and expect them to em- 
brace it, too. People will only buy into 


; CRM when they’re motivated to do so 


and when they’ve been properly 
trained to feel comfortable with it. 
While CRM can indeed be for every- 


| one, there are many prerequisites that 
| usually take a few years to achieve. So 


ensure that your company first learns 
to walk before it attempts to run. D 





| Reprinted with permission from The 
| CRM Project Management Handbook, 


by Michael Gentle (Kogan Page Ltd., 
2002). Gentle is an international CRM 


| consultant based in Paris. 





| KNOWLEDGE CENTER ONLINE 


For CRM news, features and resources, visit 
Computerworld’s Web site 
QuickLink k1300 
www.computerworld.com 
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DONT 


Push 


Back 


Worried about a visit from the vendor’s 
software police’? Remember: Software 
audits are negotiable. By Julia King 


HEER, UNADULTERATED PANIC 
That’s typically an IT manager’s 
first response to receiving notice 
of an impending audit, in which 
a software vendor evaluates 
whether the user is complying with 
a software license. 
It’s also exactly the wrong response, 
one that almost guarantees 
repeat audits or threats of 
audits in the years ahead, 
experts say. 
“What a lot of companies that panic 
do — and this is the worst thing you 
can do — is just pay, and that payment 


can be 150% of the original license fee,” 


says Pat Cicala, president and CEO of 
Cicala & Associates LLC in Hoboken, 
N,J. “These same companies then over- 
license for insurance so it will never 
happen again. These are the same 
companies that repetitively are target- 
ed for audits.” 

A far better strategy is to push back 
and push back hard. That’s what Scott 
Robinson, chief technology officer at 
Portland Public Schools in Oregon, did 
after getting an audit letter from Mi- 
crosoft Corp. in March 2002. The let- 
ter, which arrived at the school dis- 
trict’s busiest time of year, gave Robin- 





son 60 days to complete an audit. 
The cost of compliance and the audit 
would equal the cost of 10 teaching po- 
sitions, Robinson says. It would also be 
nearly impossible to document many 
of the district’s 20,000 devices scat- 
tered across 125 buildings, because 
about 6,000 of the machines were do- 
nated. Robinson responded 
quickly and decisively. 
“I told them I'll unplug 


every device [running Microsoft] and 


reimage it with Linux and bring it back 


| online,” he recalls. “They didn’t believe 


me.” But after Robinson proceeded to 
convert five school computer labs, 
each with 30 machines, to Linux, “we 
garnered the attention of the vice pres- 
ident of Microsoft’s education seg- 
ment,” he says. 


FAST FACTS 


Cel yes Titers eu tcl me UT eT Li 
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admit that they'd find it diffi- 
cult to prove ownership of all 
the software they have installed. 


SOURCE: TENAX INC. RICHMOND. VA 





Ultimately, Microsoft backed down 
and even invited Robinson to speak on 


audits and customer relations at a con- 


ference for its salespeople. 

“It’s not that we don’t want to be 
compliant,” Robinson says. “It’s just 
that it should be about working with 
the customer to ensure compliancy, 
rather than just demanding it.” 

Mark Paris, director of in- 
formation systems at Klein- 
felder Inc., a San Diego-based 
construction management 
and engineering services 
company, negotiated his way 
out of a software audit pro- 
posed by Oracle Corp. The 
vendor had lumped together 
three or four reasons for an 
audit, including Kleinfelder’s 
growth as a company and its 
distribution of Oracle reports 
to internal users not licensed on the 
software. Oracle also suggested to 
Paris that it was in Kleinfelder’s best 
interest to change to a different, more 
expensive software licensing model. 

But Paris balked and insisted on ad- 
dressing each of the vendor’s issues in- 
dividually. “Their goal is to have you 
look at this huge thing and put fear in 
your heart. But when the whole foot- 
ball team is running at you at the same 
time, you have to take them on one at a 
time,” he says. 

For example, “on the growth issue, I 
agreed that we were growing, but it 
didn’t make sense to change licensing 
models just yet,” he recalls. “I also dug 
my heels in on the reporting issue,” 
which Oracle’s legal department ulti- 
mately dropped. In the end, Paris says, 
“when we dealt with the issues indi- 


| vidually, there was no reason on Ora- 


cle’s behalf to pursue its strong-arm 
tactic of pursuing an audit.” 

Still, generally speaking, companies 
should expect and plan for software 
vendors to exercise their audit rights 
more aggressively and more frequent- 
ly, warns Jane Disbrow, an analyst at 
Gartner Inc. 

“Part of the reason is the downturn 
in the economy. If you're out selling a 
lot of new products, you don’t have 
time to do audits. If you’re not making 
revenue, the best thing vendors can do 
is see if they can get revenue by mak- 
ing sure current customers are living 
up to licensing agreements,” she says. 

If an audit is inevitable, Disbrow 
advises companies to designate key 
personnel who know about business, 
licensing, security and technical issues 
to deal with all vendor audit requests. 
This cross-functional team should in- 
clude representatives from the IT, pro- 
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curement, legal and internal audit de- 
partments who can gather all internal 
data on license deployment and deter- 
mine upfront the minimum security 
safeguards necessary before allowing 
third-party access. 

Experts agree that the best way to 
deal with a software audit or even the 
threat of one is to have a good asset 
management program, which 
works to dissuade vendors 
from targeting your company 
in the first place. 

“A good program is one 
that includes policies, proce- 
dures and disciplinary stan- 
dards; ongoing training; on- 
going user awareness; meth- 
ods to prevent illegal activity, 
such as monitoring, filtering 
or other technical measures; 
and making sure that all 
users sign off on that policy,” says 
Donna Johnson Edwards, a consultant 
at Tenax Inc., a Richmond, Va.-based 
company specializing in IT compli- 
ance and asset management. 

In contrast, she says, “a lame pro- 
gram is a company handbook that gets 
handed to the employee when they’re 
hired and never gets revisited.” D 


THE AUDITORS ARE COMING! 


Revenue-hungry software vendors are clamping down 
on license compliance and threatening more audits: 


QuickLink 39183 
www.computerworld.com 


WHEN PUSH 
COMES TO SHOVE 


Tips for surviving a software 
audit (or the threat of one): 
® Push back. Immediately begin assem- 
bling your case for why an audit is un- 


warranted. 

® Negotiate all issues individually. 

@ Designate a specialized team to deal 
with all vendor requests. 

@ Check with all administrators for regis- 
tration certificates, paper licenses and 
documentation that may be stashed in file 
cabinets and drawers scattered through- 
out the company. 

@ Check with your reseller, which is typi- 
cally responsible for keeping records of 
all software licenses distributed to its 
customers, 

@ Establish upfront minimum security 
standards and safeguards before allow- 
ing third-party access to your systems. 
@ Insist that the vendor pay for the audit. 
@ Get legal advice as necessary. 
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Introducing IBM DB2 Information Integrator — the brand-new software that turns everything in its path into 


_insight and opportunity: rows and columns, video and e-mail, audio and Web. It works wherever your 


data lives: Oracle. Microsoft or IBM. It works in real time, across platforms: Linux, Windows, UNIX. Insight 


is yours. On demand. Cm GRU ele) DB2 Information Integrator Kit, visit ibm.com/db2/integrate 
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Since the Sept. 11 
attacks, the New 
York Board of Trade 
has been working 
out of its backup 
facility. But next 
month, it will move 
into a state-of-the- 
art trading floor in 
Long Island City, 
Queens, designed 
by consultancy Business Technology 
Partners Inc. in New York. For the 
past six years, CEO JOSHUA AARON 
and his firm have been providing vir- 
tual CTO teams that execute myriad 
network, systems and software proj- 
ects for companies that need to pick 
up and move their IT operations. 
Aaron spoke with Computerworld’s 
Jean Consilvio about what he’s 
learned over the years. 


Can you give some tips for success- 
ful IT relocation? It's one of those 
adages where every hour's worth of plan- 
ning can save hundreds of thousands of 
dollars. You should conduct a thorough 
needs analysis upfront. Don't be afraid to 
bring on the resources a company needs 
to complete that. 

@ If you take on a major relocation 
project, it’s very large and extra to [an IT 
staff's] normal job responsibilities, plus it 


isn't something they do every day. It’s bet- | 


ter to bring in help from qualified profes- 
sionals. 

® Get your communications lines and 
circuit orders in early so they can be iden- 
tified. One of the longest lead items in re- 
locating is WAN and public switch tele- 
phone connectivity for new offices. 

@ Make sure that someone from your 
[IT] team is on-site every day during con- 
struction to make sure things are being 
built out the way you want them to be. 


What are the biggest mistakes? A lot 
of times [companies] don't do an ade- 
quate job upfront of meeting with their 
business end users and getting all their 
requirements documented so they can 
plan the project. They wind up making too 
riany changes during the construction 
period . .. and costs start to spiral. Also, 
not identifying long lead-time items up- 
front, including mechanical systems for 


supplemental cooling and air conditioning | 


for technology rooms, or backup power 
supplies. And probably the biggest mis- 
take is not providing enough end-user 
training and setting the proper expecta- 
tions about their new environment. 
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‘The True Costs 
Of Software 


OW MUCH DOES “free” software really 
cost? That question remains at the heart 
of decisions made by CIOs and other 
technology leaders trying to decide on 
the software and associated hardware 
that will lead them into the future. 
Advocates of Linux and other open-source products 
sometimes argue that because the software is distrib- 


uted free of charge, it’s self- 

evident that it’s more fi- 

nancially attractive than 
proprietary products from 
companies like Microsoft, 

IBM, SAP or Oracle. IBM, 

which is increasingly push- 

ing its support of Linux, 

suggests that a consensus 

is emerging that the total 

cost of ownership (TCO) 

of Linux is significantly 

lower than similar costs for 
competing proprietary op- 

erating systems (although 

it doesn’t appear to extend 

this argument to other open-source 
software that competes with its own 
revenue-producing software). 

Journalistic accounts of the spread 
of open-source also tend to assume 
that the price difference is a critical 
competitive advantage. “Because it is 
free,” declared a recent Business Week 
cover story, “Linux is undercutting Mi- 
crosoft much the way Microsoft has 
gutted its rivals with lower prices for 
the past two decades.” Yet anyone who 
looks into the problem of measuring 
the TCO of software quickly recog- 
nizes how murky this field can be. 
“Free,” it turns out, doesn’t necessarily 
mean cheaper. 

To assess the merits of these various 
claims, I recently reviewed a large 
sample of publicly available articles 
that purported to address the TCO of 
different server operating systems. 





The first fact to emerge 
was that most of the 84 dif- 
ferent documents I re- 
viewed couldn’t even be 
considered studies — they 
didn’t capture sufficient 
data on the full range of 
costs needed to evaluate 
TCO, and they often based 
their conclusions on the 
analysis of results from 
only a single company’s 
experiences. Yet the hand- 
ful of studies that were 
more comprehensive re- 
vealed that the issues sur- 
rounding software TCO are more 
complex than is typically portrayed. 
To begin with, it appears that the 


| price of software itself — whether it’s 


free or not — is so low relative to the 
TCO that it may have little impact on 
the outcome of IT investment deci- 
sions for many purchasers. In most 
cases, the price of software proved to 
be less than 10% of the TCO. 

Where costs do become significant 
for all types of software is in the level 
of staffing needed. By staffing, I mean 
the training, maintenance, support, ad- 
ministration and other personnel costs 
necessary to run the software package 
efficiently. These costs can add up to 
as much as 50% to 70% of a software 
system’s TCO over its useful life. 

Yet even staffing costs vary greatly 
depending on what type of workload 
is placed on the software and what 





sort of tools the software provides for 
users. For example, one study that 
compared the TCO of Windows and 
Linux for different server workloads 
found that the Microsoft product’s 
TCO was lower for networking appli- 
cations but more expensive for Web- 
serving applications. In sum, how a 
company uses its software tells you a 
lot more about TCO than the sticker 
price. 

The fact that people use software 
in different ways also points to one of 
the problems in using a simple TCO 
analysis to make purchasing decisions. 
Too often, it’s assumed that the soft- 
ware packages being compared pro- 
vide essentially the same sets of bene- 
fits to users. But specific products and 
features that are vital to some users 
will obviously increase a particular 
software package’s value relative to 
other packages. Furthermore, a soft- 
ware package that provides more ap- 
plications and choices for users brings 
with it additional, often unmeasured, 
value. A CIO must therefore be careful 
to examine the differences in both cost 
and value to make an effective invest- 
ment decision for any type of software 
platform. 

A company must understand what it 
expects from its software as it weighs 
the decision about whether to em- 
brace open-source. Fortunately, more 
companies are approaching the TCO 
issue in this way. Instead of just look- 
ing at the price of software, they’re do- 
ing thorough, company-specific exam- 
inations of how the software will be 
used, by whom and for what purpose. 
Those sorts of questions ought to 
bring a CIO much closer to what his 
true costs are — and deliver a healthy 
dose of realism to the debate about 
“free” software. D 
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at— www.sensaphone.com/ims-4000.html 
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Programmer Analysts Green- 
wich Village Fish Co. Inc. has 
openings for Programmer 
Analysts for locs in NY. Analyze 
dsgn, dvip, test & impimt s/ware 
& web based applics using MS 
Access, MS SQL, ASP, XML 
HTML/DHTML, C++, VB Script 
Jscript, Netscape Composer, 
Tango Creator, & Visual 
InterDev. Pos req Bach in Elec. 
& Comp Eng or Comp Sci w/2 
yrs exp. Must have legal author- 
ity to work in US. Excellent pay 
& benefits. Email resume 
w/proof of work status to 
apply@citarella.com 


Unix Systems Analyst: 
SunManagement 
Center, BMC Patroi 
on a Sun/Solaris plat- 
form. Experience with 
Application readiness 
service. Please send 
resumes to ahilenski 


@sigconsult.com 


Amtex provides high-quality 
end-to-end software solutions 
We need IT professionals work 
on SADI, WC, and EDB system 
with Rational Rose, JAVA with 
STRUTS _ framework, Data 
Access Objects to access 
Stored Procedures written in 
COBOL. Contact 

info@amtexsystems.com. EOE 


Picobyte Consulting is looking 
for programmer/system ana- 
lysts, software/project engi- 
neers. We require BS/MS with at 
least 1-year experience in the IT 
field. Strong skills in EJB 
Oracle, VB, SAP, Java, SQL pre- 
ferred. Send resumes to 1500 S 
6th St. Ste. B, Springfield, IL 
62703. EOE 


PROGRAMMER ANALYST 

Analyze design program. 
implement, support advanced 
computer applications utilizing 
Java-based CORBA, Swing 
Java, Java Script, XML, HTML. 
Weblogic application server 
under UNIX and/or Windows 
operating environment for 
client/server and/or internet- 
related applications. Respon- 
sible for migration issues con- 
verting from BOA-based 
CORBA to POA-based CORBA 
& integration of enterprise sys 
tems & legacy systems. Req 
Bachelors in Comp. Sci., MiS, or 
Engg (any field) plus 2 yrs exp 
Contact: International Systems 
Technologies, Inc., 1812 Front 
Street, Scotch Plains, NJ 07076 


Snake Eye Inc. (Houston, TX) is 
seeking Database Administrator. 
6 mon. exp. using Visual 
InterDev 6.0 Frontpage 
Photoshop 6.0, and Oracle 
Send resume to 9300C Harwin 
Dr., Houston, TX 77036 or 713- 
278-9588(F). Attn: Mike 
Southern Chinese Newspaper 
Publishing Co. (Houston, TX) is 
seeking computer programmer. 
6 mon. exp. using Chinese 
Windows. Send resume to 
11122 Bellaire Bivd, Houston 
TX 77072 of  281-498- 
2728(F)/281-498-4310(T). Attn 
Jean Lin. 


Software Engineer. Research, de- 
sign, develop, install microproces- 
sor-based soil-testing unit software 
systems, including funct. specs. 
high-level design, prototype prep. 
board design & layout. Analyze 
software reqs. Hardware prod. dev. 
Pacal, C++, Assembler prog. Mod- 
ule & unit testing. Reqs: Master's or 
foreign equiv. in Mngmnt info 
Systems or Comp. Sci. & 4 yrs exp 
as Software Eng., Comp. Prog., or 
Software Dev. Exp. which may 
have been obtained concurrently 
must include 4 yrs exp. in C++ 
Pascal, Assembler, EOE. 40 
hrs/wk. Send resume to Sasha 
Kron, Kron Management Consult- 
ing, Inc., 1120 Coronation Drive 


Dunwoody, GA 3¢ 


IT Positions - Oracle 
VB/ASP Access, C/C++ 
Visual C++, Cobol, J2EE 
Framework, Java Script 
HTML, DB2, Unix, Web 
Interface, IMS, CICS, IBM 
mainframe TeamCenter 
Enterprise, Matlab. Send 
resume to EASi 
Engineering 1551 E 
Lincoln Ave Madison 
Heights, MI 48071, or email 
to Recruiter@easiusa.com 
Must include Ref 
#:SPO0803 IT. No calls. EOE 


AppleSoft, Inc., seeks 
qualified software devel- 
opers and analysts for 
projects in Taylorsville, 
Utah & other locations in 
the US: B.S. + 2 yrs exp 
Send resume to HR, 
721 W. Sunny River 
Rd., #428, Taylorsville, 
UT 84123. 


Corpus has multiple openings 
is. Following 
skills preferred: Oracle, SQL 
PL/SQL, COBOL, C/C++, VB 
SAP, Java, XML, ERP, ASP, NT, 
XSL. Minimum BS degree 
Traveling is required for some 
positions. Please send resumes 
to info@corpusinc.com. EOE 


Aluminum Blanking has o 

ings for s or programmer 

analyst responsibie for Oracle 
administration & 


dates must have BS with exp. in 
Oracle DBA. We offer competi- 
tive wage with full benefits 
Plea’ ntact 


albl.corr 


E 


Programmer Analyst: Ana- 
lyze, dsgn, dvip, impimt, test 
document & maintain s/ware 
applics using MTS, DTS 
COM/DCOM, XML/ XSLT, 
Business Objects, Crystal 
Reports ASP, Java, VBScript 
RDS IS Administration 
Erwin, C, C++ & InstallShield 
Bach in Engg or its foreign 
academic equiv + 2yrs exp in 
job offd. Res: Office Mgr 
Artilligence, 4142 Ogletown- 
Stanton Rd, #230, Newark 
DE 19713. Fax: 603-372- 
2771 


ater Belen 


Transportation co. in Chicago, IL 
involved in tank container ieas- 
ing looking for Sr. IT Manager for 
Tank Div. Qualified candidate 
will manage functional technical/ 
business operations of IT Div. 
Manage/ implementation of 
new/enhanced 0.0. Client 
Server applic. used for co.'s 
tracking/billing systems. Adm 
specialized systems applic 
throughout regional offices 
Supv./train professionals in IT 
projects. Prev. exp. must include 
technical analysis. design 
development & supervision of IS 
conversion projects as applied 
to tank leasing or transportation 
industry combined w/operational 
mngmt. exp. Computer tools. 
skills required-exp. w/any 3 of 
the following: Legacy, Forte 
Crystal, Oracle, NT Server 
People Soft plus at least 6 
months experience with Java 
SQL Server, Business Objects & 
Great Plains. Bachelors (U.S 
foreign or equiv. training, edu. & 
exp.) in Bus. Adm., MIS or 
Comp. Sci. w/3 yrs exp. in job 
offered or as a Project Manager, 
Business Support Analyst or 
System Analyst. Send Resumes 
via email to Union Tank Car 
Company at recruit@marmon.com 
No calls please 


Systems Analyst wanted by 
MLCO. Manage day-to-day 
operation of e-commerce appli- 
cation sys.; coordinate with pro- 
ject managers to develop strate- 
gic enhancements and translate 
custom business rules into fea- 
sible technical solutions, respon- 
sible for design, development 
testing and deployment of al 
enhancements to multi-tier e- 
commerce application & design 
and implementation of custom 
integration solutions with bus 

ness partners; upgrade applica- 
tion level security; collaborate 
with technical team to integrate 
application with existing func- 
tionality of legacy sys. Requires 
a BS in Comp. Sci. & 2 yrs exp 
in application development & e 
commerce consulting & data- 
base admin. & expertise in BEA 
WebLogic Server 8.1 & J2EE 
Application development & 
Microsoft SQLServer 2000 

Respond to: Mike Kunz, Michael 
Lewis Co, 201 Mitte! Drive 
Wood Dale, IL 60191 


Assistant Network Administrator 
Admin Novell Netware 
Macintosh Apple Share IP 
Server, Email Server, Microsoft 
SQL Server, Microsoft IIS & 
Java 2 Enterprise Ed. Server. 
Program web appli. in ASP, JSP, 
& Java. Database design & 
analysis in Microsoft SQL 
Server, Visual dBase, mySQL, & 
Microsoft Access. B.S. in CS or 
rel. & abi use C++, HTML 
Java, ASP, mySQL, CFML 
UNIX, Linux, VB, Scheme 
ColdFusion Studio. 40hr/wk. 9- 
5. Send resume to: Ms. Cindra 
Tan, VP Finance, Bennett Kuhn 
Varner, Inc., 2964 Peachtree 
Road, Ste Atlanta, GA 
30305 


Portal Content Analyst Re- 
sponsible for analyzing, evaluat- 
ing and developing content for 
Spanish portal (website) of 
BeliSouth.net. Master's degree in 
Computer Science, Computer 
Information Systems or related 
field required and one year expe- 
rience in systems and web con- 
tent analysis OR Bachelor's 
degree in stated fields and three 
years’ stated experience 
Must be nt in Spanish 
Piease forward resume to Attn 
Lisa Burlingame, BellSouth 
2247 Northlake Parkway, Suite 
800, Tucker, Georgia 30084 
Please do not email or fax 
resumes. EOE 


SENIOR PROGRAMMER ANA- 
LYST: (Retirement Products & 
Services) Participate in projects 
leading to the analysis, design 
enhancement and modification 
of financial, business and man- 
agement systems, applications 
and programs Respons. 
include: analyzing pertinent 
data, information and modes of 
operation; evaluating existing 
and proposed systems; transiat 
ing comprehensive business 
requirements into detailed func- 
tional specifications. Duties inc’ 
develop and test systems solu- 
tions; write, test and debug 
progams; provide support in the 
implementation process; define 
systems parameters; prepare 
SWiend-user documentation 
provide training, troubleshooting 
and technical support services 
install and maintain mainframe 
systems; and complete applica- 
tion development for financial 
services products. Daily use of 
Cobol Ii, PL-SQL, JCL, CICS 
VSAM and TSO/ISPF Min 
Reqt's; BS/BA (foreign equiva 
lent accepted) in CS, EE or 
related field of study plus 2 
years exp. in job offered or 2 
years exp. in related occupation 
(i.e. Programming 

Analysis). MUST 
demonstrated expertise 
following 1 
instailation including 

ment, implementation 
maintenance of mainirame sys- 
tems; (2) Applications develop- 
ment for financial services prod 
ucts and industry 

financial reporting 
Programming and 

using multiple mainfr: 

and utilities i 

PL-SQL 

TSO/ISPF. Basic 

range is $55.5 

year FT and sta 

benefits. E 

resumes ai 0 

No 2002-02298 Labor 
Exchange € Staniford 
Street, 1st Floor, Boston, MA 
02114 


Major 


Senior Software Engineer 
working as a senior-level individ- 
ual contributor in various pro- 
jects, will design, code, test and 
deliver sophis ted we 

based n-tier clienserver J2E 

applications ut Java 
Serviets, EJBs an for the 


be responsible 

specific user requirements. 
then defining system and 
cation specifications 
end-user needs. W 

at senior level in e 

project life cyc 

and will integrate 
applications and 

the concept phase through pc 
implementation 

monitoring, V t 
oriented analysis and software 


design. W 


ordinate with 


stage 
Bachelor's or equiva 
Mathematics 
ysics and three (3 
job offered C 
experience 
client/server 
ndidate 
demonstr, 
object 
analysis 
tise developing n-tier J 
based applicat 
Serviets, EJBs ar 
monstrated expertise 
ing, validating and transformi 
XML data using XSL_transfor- 
mation. Salary: $79,900/yr, M-F. 
9AM-5PM Send 2 resumes 
to Case #200202693, Labor 
Exchange Office, 19 Staniford 
St.. 1st fi., Boston, MA 02114 
EOE. Applicants must be U.S 
workers eligible to accept fu 
time employment in U.S 


Computerworld + InfoWorld +» Network World » August 18, 2003 


SENIOR PROGRAMMER ANA- 
LYST: (Ancillary |S Support 
Dept.) Formulate and define 
systems scope and objectives in 
order to purchase, design 
develop or modify information 
systems. Respons. & duties inci 
ID and analysis of business 
requirements geared towards 
applying mputer tech 
business proce: 

functional spec at 
programming to these 

tions where no suitable vendor 
solution has been identified to 
solve business problem; vendor 
application software research 
and valuation: installation and 
customization of vendor pack- 
ages as red by business 
community ystem integration 
as required by business func 
tionality creatin functional 
specifications and programming 
nterface 
processes, analysis, preparation 


conversion and 


of documentation a resenta- 
tion to the Technology Planning 
committee on SW application 
systems requested to be devel- 
hased by the business 

nity; act as a liaison 

n business personnel in 
ancillary departments and 
outside vendors, C or 
other business un immu: 
nities on any !T-related issues 
and provide administrative func- 
tionality, training and application 
support for vendor packages 
where ap; Min. Reat's: 
BS/BA r quivalent 
accepted) in © related 


field of study plus 2 years exp 


job offered 


related 
Programming 
Analysis 


demo 


range is $ 


year FT 


Engineer, Video Soft- 
ware. Must have min 
4yr exp in computer- 
based video prodctn & 
editing 
knowl of lineal & non-lin- 
eal Media 100 Systms & 
Fiber Channel N/work 
Integrator S/ware. Fax 
res: WNV Sales, 305- 
358-3116, Attn: Ms 
Guttierez 


w/tecnnical 


and development 

and other applications with 
the focus on E-commerce 
solutions using VB, Oracie 
and connectivity with MS 
SQL database Req 
BS/BBA with 2 yrs of exp 
Resume to Ambason Inc 
681 Troy 


Road, Latham 


Schenectady 
NY 12110 





ND based IT company has 
openings for Software 
Engineers & DBA’s: (Multiple 
openings): Research, Analyze, 
Design, develop, test, diagnose 
and implement various business 
applications. 


Real time OS Vx Works 
Networking Protocols, People- 
Soft HR/Financials, IPSEC, IKE 
BAAN ERP, BAAN tools, SAP 
3 and ABAP/4, Oracle 
8.x/9.x/11.x, Sun Solaris 2.8 
Veritas Clustering Oracle 
Utilities, Unix Shell Scripting 
PL/SQL, Erwin Data Modeling 
Designing, Web Technologies 
like J2EE, JDBC/ODBC, Web 
sphere, EJB, COM/DCOM 
C/C++, MS SQL Server, UNIX 
J2EE Architect/Team-Lead 
experience in implementing 
financial applications on HP- 
Tandem Non-stop systems 
Product Administration System 
SABLIME. Business Objects 
5.1.5, Data Warehousing 
Informatica - Power Center 5.1 
SAS 8, Teradata Utilities, Erwin 
Power Mart5.1 / PowerCenter 5 
Data Junction Cognos 
impromptu 7.0, JD Edwards 
WinRunner 6.0, Test Director 
6.0, Silk, Load Runner, Rational 
Suite, SQA Suite 


DBAs must have experience in 
installation, migration, moving 
setup, monitoring and trouble 
shooting of various database 
applications. May require travel 
to client sites Software 
Engineer $$78,000 & up 
DBA:$60,000 and up Mail 
resume to 212, South 4th Street. 
Suite# 202, Grand Forks, ND 
58201 


Lead SW Dev Eng (Denver, CO) 
Lead in the team effort to 
design/develop computer SW 
programs using SW program- 
ming languages & tool: 
C/C++ on UI & sybase open 
server/open client libraries 
implemented in multiple plat- 
forms wimultiple application 
interfaces. Design/develop GUI 
for user interaction. Perform 
data communication program- 
ming using TCP/IP, MQ Series & 
Remote Procedural Calls (RPC 
for interprocess communication 
& communicat widifferent 
telecom switches (Network 
Elements). Design/develop user 
database in Sybase. W w 
modeling & architecture groups 
to explore system design trai 
offs & to develop optimizatio 
procedures for improving net- 
work pr ioning efficiency & 
reducing total costs. MS Comp 
Sci/Eng/related + working/theo 
retical knowledge of: Comm- 
ercial grade SW development in 
UNIX environment using C/C++ 
& sybase open server > 
client libraries; Data com i- 
cation programming using 
TCP/IP, MQ Series & RPC 
Sybase database application 
programming using stored pro- 
cedures; Basic knowledge of 
Telecom switch (Network ele- 
ment) interfaces. $81,900/yr, M- 
F 8-5 Resume only to 
Workforce Development 
Programs, PO Box 46547 
Denver, CO 80202. Ref 
Job#C05053475 


SYSTEMS ANALYST 
Analyzes user requirements. 
procedures and problems to 
automate processing or 
improve existing computer sys- 
tems. Bachelor's degree in com- 
puter science, engineering or 
math-related and 2 yrs. experi- 
ence in Visual Basic, ASP. 
Microsoft Plumtree Corporate 
Portal 3.5, Web objects 3.0 
Must be able to travel. Apply by 
resume only to Murali K 
Suddala, Capricorn Systems 
Inc. 3569 Habersham-at 
Northlake, Building K, Tucker, 
GA 30084 


IT|Careers 


Senior Software Engineer to 
design & implement reliable, 
scalable server that supports the 
internet-wide deployment of 
peer-to-peer clients Utilize 
Object Oriented programming 
and an expert knowledge of C++ 
in Windows and Unix. Min 
req's: M.S. in Comp. Sci. or 
rel.field; and1 yr. experience in 
the job offered or in a related 
position working with Windows 
& Unix systems & network 
development in C++. Special 
req's: ability to understand & 
communicate complex technical 
topics; experience widesign & 
implementation of network pro- 
tocols, operating systems, dis- 
tributed algorithms & compilers. 
Must have unrestricted autho- 
rization to work in U.S. M-F, 9 
am - 5 pm, 40 hrs/wk. Salary 
$81,235. An EOE. Send 2 
copies of resume to Case No. 
200202100, Labor Exchange 
Office, 19 Staniford St., 1st FL 
Boston, MA 02114 


Application Developer. NY, NY. 
BS in Comp. Sci. w/1 yr exp in 
job or as Applicat'n Pgmr Anlyst 
Dsgn, dviop, & deploy large- 
scale r/time web based appli- 
cat'n using PERL, RDBMS 
FASTCGI, JAVA on SOLARIS 
platfirm. Share & syndicate mkt 
dta using XML based dta 
exchange tech as SOAP & 
WDDI. Re-dsgn & modify WSS 
C/C++ server applicat'n & JAVA 
applet client applicat'n w/adv 
TCP/IP socket progmng 
Support & maintain dta feed 
using TFN Firstcall, COMTEX & 
DowJones. Prim optimizt'n & 
dta mining using ETL & SQL 
Dviop & provide solut'n to 
investor using IT tech & finncial 
mkt info, such as institutional 
holding portfolio mgmt 
SEC/EDGAR filing, insider 
transact'n. Send resume to Mr. 
Chun, Wall Street Source, LLC 
120 Broadway, 27th Fi., NY, NY 


Inc. delivers reliability 
my and quality. We are look 
the following position 


Software Quality Analyst: Establish 
provide and advocate ihe Quality 
Assurance tices for software 
development and testing. Review 
applications, systems, processes 
to product execution and 
implementation. Execute multiple 
functional, security, data-integrity 
utomation. Test 
ques of Win 
er, Test Director. Simulate 
load test using the Testing Too 
Load Ru Create quality tes 
documentation like test pians, test 
cases, test matrix and test reports 
Required Bachelor's in Computer 
Science or led field and 2+ 
years of experience 


resume to: Human Re- 
Conviso, Inc., $211 Reid 
Houston, TX 77064. E 

corphr@houston.rr.cor 


Senior Software Automation Qual- 
ity Consultant - Responsible for de 
veloping, applying and maintaining 
quality standards for software appli: 
cations. Develop and execute Auto- 
mated software test plans exten- 
sively utilizing Mercury Interactive 
WinRunner, LoadRunner, Test 
r. Analyze software statically 
nically using McCabe 
Global Distribution Sys- 
nowledge is required. Masters 
mputer Science or rel- 
with 4 years of work ex 
related occupation. 40 
Hrs./week., $70,000/annum. Must 
be willing to relocate to various un- 
anticipated work locations through- 
out the USA every 4 to 10 months, 
employer paid. Must have proof of 
legal authority to work in the United 
States. Send your resumes to the 
lowa Workforce Center, 215 Wat- 
son Powell Jr. Way, #100, Des 
Moines, lowa 50309-1727. Please 
refer to Job Order 1A1101776 
Employer paid advertisement 


Computerworld + InfoWorld * Network World + August 18, 2003 


Company engaged in the dev. of 
global portfolio mgmt, trading 
and compliance s/w seeks a 
Product Specialist/Business 
Analyst to utilize sophisticated 
understanding of bus. and 
finance as well as knowledge of 
financial s/w common to the 
industry including Reuters 
Bloomberg, Market Guide and 
First Call to test co. s/w products 
from an end-user perspective 
Heavy interaction with clients 
and devipmt. of specs for new 
product features. Manually test 
features within the context of 
trading workflows and work with 
customers in the finance and 
trade industry to elicit feedback 
on features’ functionality and 
quality. Duties also include sup- 
port of in-house Acct Imple- 
mentation Mgmnt, Development 
& Technical Support teams and 
providing bus. level support on 
complex issues. Salary in 
$82,000/yr. F-T (40 hrs./wk) Min 
Req: No exp necessary. Masters 
in Finance or related and knowl- 
edge of financial s/w applica- 
tions common to the industry 
including Reuters, Bloomberg 
First Call, and Market Guide 
required. Please respond with 
two (2) copies of your resume to 
Case # 200202660, Labor 
Exchange Office, 19 Staniford 
St, 1st Fl, Boston, MA 02114 


Market Research Analyst 


Research market conditions 
for computer sales and con- 
sultancy firm. Determine 
potential sales of products 
and services. Gather infor- 
mation on marketing methods 
and distribution, price and 
sales. Liaison with foreign 
government officials in 
Nigeria and Sierra Leone to 
obtain information. 40 hrs/wk 
no OT., 11 months experience 
in above. Send resume to 
Quest Corporation, 512 East 
Jefferson St., Fort Wayne, In 
46802. No Phone Calls 


Software Enginees to design 
develop, test wireless/web soft- 
ware systems & services for 
devices including WAP Phone. 
Pocket PC's, etc. using Java 
JSP, VB, VBA, SQL, Web 
Servers, Weblogic, HTML, MS 
Access and WCTP_ under 
Windows, UNIX OS; perform req 
analysis to determine tech. fea- 
sibility study/evaluate new 
tech./methodologies provide 
guidance for complex user 
problems. Require: M.S. in 
CS/Engg (any branch) 
Competitive salary. F/T. 
Respond to: HR, Air2Web, Inc 
1230 Peachtree Street NE 
Promenade Il, 12th Fi., Atlanta 
GA 30309 


Nexus Innovative Solutions Co 
seeks Database Administrators 
to design, configure and man- 
age Oracle Databases & Appin 
Srvr on UNIX & Windows. Also 
responsible for Windows srvr 
admin; building online learning 
(LMS) solutions by applying 
SME on eLearning sys & imple- 
menting SCORM, AICC, & 
HIPPA stds; maintaining clinical 
sys; monitoring HL7 message 
transmissions; Job in Chicago 
area. Requires BS or eqvint in 
Comp Sci or Engg & 5 yrs exp in 
database admin and/or in s/ware 
dsgn & dvipmt. Must have cert 
as Oracle DBA & NT Admin 
Send resume to 
HR@niscompany.com 

Fax: (703) 385 4385. 


Database Developer, Special- 
ized Libraries: Design/manage 
marketing/market-research data 
gathering/storage libraries 
Perform data manipulation to 
project market senerios using 
knowledge of market research 
methodologies. Provide data 
extraction, loading, structuring 
for specialized business data 
libraries. 8:30a-5:30p. Req 
Bach Bus Admin in Economics/ 
Finance & 1 yr exp or as Tech 
MIS Coord &/or Web Developer. 
Resume’ J. Stulb, Morris 
Communications, 699 Broad St, 
#800, Augusta, GA 30901 


Computers 

SOFTWARE PROFESSIONALS 
Midrange Solutions Inc., a soft- 
ware consulting company, re- 
quires network engineers willing 
to relocated to the client job sites 
nationwide, to resolve problems 
regarding administration of AIX/ 
Unix servers/operating systems 
under supervision of technical 
director and client technical staff 
Mail resume and salary req's to. 
Midrange Solutions Inc., 20 
Hillside Ave., Springfield, NJ 
07081 


Oracle Applications Devel- 
oper: Design & develop 
Oracle Databases & Gra- 
phical user interface. De- 
velop user interface using 
multiple web technologies 
for generating reports; 
Oracle Forms 6i, Reports 
6i, PL/SQL, SQL Reports, 
Java Script 1.1, HTML, 
Pro C, Java and J2EE 
Please send resumes to 
101 Southhali Lane, Suite 
220, Maitland, FL 32751 


Advansoft (Soft O Soft) is look- 
ing for program or system ana- 
lysts, IT engineers. Candidate 
must have BS or equivalent 
Exp. in IT area such as Oracle. 
Java, VB, WebSphere/Weblogic 
etc is plus. Travel maybe 
required for some position. Send 
resumes to 
info@advansoft.com. EOE 


E-Com has several system/pro- 
grammer analyst and engineer 
positions. We are small but sta- 
ble, offer attractive wage with full 
benefits. Consultants must have 
Bachelor degree with experi- 
ence in SQL, Developer 2000 
Oracie, Unix, Window NT. 
Piease send resumes to e- 
com@prodigy.net 


SW Engin'rs: Rsrch, design & 
test explorer/portilet sw wi/ 
Vignette on Websphere/AIX 
platform & WSAD; Design asset 
& info mgt sw w/ Metaphase 
Toolkit; Design com'unic'n appli- 
ca'ns w/ Cobol, DB2/CICS, 
VSAM & SQLServer. 40h/w, 8-5, 
BS in Computer/ Eng'g/Bus 
related field & 2 yr wk exp 
involv'g Vignette/Websphere 
Metaphase & Cobol. Resume to 
GBS at reddy@genesisincorp.com 
or fax: 317-579-1445. Only US 
workers can apply. 
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IT Careers.com 


The World Of Work Is 


Changing Every Week. 


| 
LUCKILY, WE ARE Too! 
itcareers.com 
is now powered 
by 
CareerJournal.com! 
Search for jobs 


and post your 


resume here on 


www.itcareers.com 
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SOFTWARE ENGINEER to 
design, develop and test appli- 
cation software using C#, VB 
VB.NET, ASP, ASP.NET, ADO. 
ADO.NET, .NET Framework 
SOAP, XML, XSLT, BizTalk 
Server, Oracie, MS SQL, COM+ 
UML, CSS, Active Directory 
Services and JavaScript under 
Windows NT operating system 
Require B.S degree in 
Computer Science, an Engin- 
eering discipline, or a closely 
related field with 4 yrs of exp in 
the job offered or as a 
Programmer/Analyst. Extensive 
travel on assignment to various 
client sites within the U.S. is 
required. Competitive salary 
offered. Sen resume to: 
Nagesh Ganta, Management 
Decisions, Inc, 4940 Peachtree 
Industrial Bivd, Ste 310 
Norcross, GA 30071; Attn: Job 
VR 


Computer Consultants. 


Should have a_ bachelor's 

degree in computer science: 

related field and 3.0 year experi- 

ence with the following: Delphi 

5, SQL 2K, Oracle. 

+ MS Automation 

c We accept foreign 

education equivalent of the 

degree, or the degree equivalent 
in education and experience 


Send Resume to 

ERW Custom Programming, inc. 
3613 Elizabeth Lk Rd., Ste. 206 
Waterford, Mi 48328 

ERW is an EOE 


Software Engineer: 


Design, Test, Document 
and Update Software app- 
lications. Prefer a Bachelor's 
Degree or Foreign equiv- 
alent in a Business Or 
computer related field 
Send resumes to 


Epoch Solutions Inc 
76 Northeastern Blvd, 
Suite 29A 

Nashua, NH 03062 


Enginners and Programmer. 
Jed for Park City 


IL bas oftware Company 


Analysts r 


Scogem orp has several 
senior and dievel positions 
available for qualified candi- 
dates possessing MS/BS or 
equivalent and/or relevant 
work experience. Work with 2 
of the following: Java, Rational 
Suite EJB Apache 
Documentum, Livelink, Siebel 
Oracle JD Edwards 
PowerBuilder and XML. Send 
resumes to Scogemini Corp 
Attn: HR, P.O.Box 7881 
Gurnee, !L 60031 


PROGRAMMER ANALYST: 
B omplex fir web 
ssing vbscript & 
IS. Develop COM 
components in VB. Program 
data/base objects using 
DMO & SQL Server. Prep. 
XSD, DTD specs. Analyze, ti 
bleshoot & work w/ A 
Mobius & fini 
on tools incl 
wealth forecaster, sec 
& mean variance optimizer. Req. 
B.S. in Eng. & 2 yrs. exp. incl 
prior exp. in fini. serv. or invest- 
ment indust 40-hr. wk 
Job/interview Site: LA, CA. E- 
mail resume to Net Asset 
Management, job ref#101 
resumesforejobs@netassetmgmtcom 


IT Careers 


Computer Consultant/ 
Programmer-Analyst 


Provide technical assistance 
and expertise to clients in order 
to tailor software systems solu- 
tions to suit clients’ unique 
needs; research efficient soft- 
ware systems involving entire 
system development life-cycle 
(analysis, program develop- 
ment, design, testing, debugging 
and implementation) for client 
applications; identify systems 
usage errors and instruct clients 
to correct such errors; prepare 
systems and user documenta- 
tion and conduct user training 
respond to customer concerns; 
provide technicai expertise on 
software usage; prepare and 
maintain customer status 
reports. BS Comp. Sci., Eng. or 
MIS plus 5 years experience 
required 


Salary $76,500 Must have 
proof of legal authority to work 
permanently in the U.S. on the 
date of application for this posi- 
tion Apply at the Texas 
Workforce Commission, Dailas. 
Texas, or send resume to the 
Texas Workforce Commission 
1117 Trinity, Room 424T, Austin 
Texas 78701, J.O.#TX1696406 
Ad Paid by an Equal Opportunity 
Employer. 


Computers 


Senior Programmer! 
Prieta 


CSC seeks PROGRAMMER 
ANALYST for our 
Blythewood, SC facility to 
analyze, design, develop. 
mplement maintain and 
support application software 
systems for Central and 
South American insurance 
industry clients using Synon. 
COBOL, RPG, CLP, SDA 
DFU, SEU, OfficeVision, SQL 
and DB2 on AS/400 
platforms. Requires Bachelor's 
degree in Computer Science. 
Engineering or losely 
related field and 2 yea of 
experience as a Program 
Analyst. Must be able to com- 
municate fluently mn the 
Spanish language (spoken 
written). Periodic travel (50%) 
on assignment to client sites 
in Central and South America 
S required. Salary 7,450 
$98,362 per year; M-F 8:30 
a.m. to 5:30 p.m. Please send 
resume to: CSC, HR, L. 
Ramon, 200 W. Cesar 
Chavez, Austin, Texas 
78701. Reference job code 
LV110103 in cover letter 


Computer Security. Fidelity 
National Information Solutions, a 
rapidly growing provider of IT 
enterprise solutions & advanced 
network services to the real 
estate title & escrow industry 
seeks highly experienced pro- 
fessionals for several comput- 
er/IS security positions including 
info Security Director and Chief 
Security Ofcr. Desirable experi- 
ence may include e.g. CISSP. 
CISA cert; 1SO17799 & GLBA 
standards; firewalls; PKI & IDS 
technologies; security mgmt & 
intrusion detection tools; securi- 
ty audits/risk assessments 
Internet, Win-NT & UNIX client- 
server systems & CRM. Some 
positions may require supervi- 
sor/mgr exp. Send resume Attn 
M.Wood, FNIS, 2510 Red Hill 
Ave, Santa Ana CA 92705 or 
email hri@fnis.com. Principals 
‘only. Must be authorized to work 
in U.S. wiout employer sponsor- 
ship. 


Computerworld + August 18, 2003 


Transition Analyst (Boston, MA) 
Develop & implement IT solu- 
tions & software applications to 
support banking & related port 
folio & equity trading activities 
Analyze business requirements. 
systems requirements & overall 
architecture recommending 
technology solutions to stream- 
line & enhance of transition 
management processes & relat- 
ed back & middle office activ 

ties. Will apply AP!, SOL Server 
Sybase, Oracle & Site Server 
technologies to calibrate rela- 
tional databases & increase sys- 
tems capabilities; use XML 
Visual Basic & web scripting lan 


to devel new/retrofit 


idate business 
e databases & guide 

Nm integration/database 
expansion activities. Min. req's 
Bachelor's degree (or equiva 
lent) in Computer Science 
related engineering field, plu 
yrs. of experience in the position 
offered or 3 years in position 
respon. for using software tools 
& applications (including Visual 
Basic, SQL Server, Oracle, & 
Sybase) to develop, enhance & 
support large-scale relationa’ 
legacy databases & systems. 
Must have unrestricted auth 
rization to work in U.S. M-F 
am n 'S per week 
Salary 
An EOE Send 
resume to Case Nc 
Labor 
Staniford St 


JDBC Ja’ 
> deve 


quivaient 

r Engineering or related 
field and 6 yrs. experience 
job or 6 yrs. in related IT 
tions. 6 years 
must include a mir 
exp. with Sungard’'s VISION & 
a min of 2 yrs exp with 
UNIX(AIX). Must also possess 
proven knowledge 


Database 

Hours: M-F, 9ar 

hrs/wk. Salary 

Aust have unrestricte 

rization to work in U 

Send 2 copies 

Case No 

Exchange Office, 19 Staniford 
St., 1st Fl., Boston, MA 02114 


SOFTWARE ENGINEER 
Software engineer tc 

develop and test computer 
grams for business applications 
analyze software requirements tc 
determine feasibility 

direct software system te: 
procedures using expertise ir 
MapInfo Autopiotter and 
Sapphire Application Server 
Requirements: Bachelor's Deg- 
ree or equivalent in Computer 
Science or related field and two 
years experience as a software 
engineer or computer program- 
mer, knowledge of Mapinfo 
Autoplotter and Sapphire 
Application Server Salary 
$66,000/year. Working Cond- 
itions: 8:00 A.M. to 5:00 P.M., 40 
hours/week, involves extensive 
travel and frequent relocation 
Apply: Site Manager, Beaver 
County CareerLink, 2103 Ninth 
Ave., Beaver Falls, PA 15010 
Job No. WEB347661 


Level 3 Communicatic 
seeking a Configura 
Management/Env nment 
Te Leader for Broomfield 
CO. Candidate will direct and 
supervise team of software engi- 
neers who will package develop- 
de and create and 
maintai ripts using Unix Sheil 
Scripting, Peri, An 

mmands an 


er's sour 


installer programs to distribute 
and implement approved apopii- 
software used by global 
communications net: 


Jnix 


ware for 


database 


agement 

anagem 
NextGer rovisiong System 
Team w r wiedge of 
Siteminder 
gic Server 
platforms 


software 


software, specialized 
utility programs. Analyze design 
databases within application 
area Analyze user 
develop software solutions using 
SAP, related software w 
accept Bachelor's Degree or for 
eign equiv or equiv combination 
n one of several 
ields: C A, Eng 
Chem., Math, Physics, or scien- 
tific or business related field 
Must have one year exp using 
SAP. Extensive travel frequent 
relocatio requird. $65K/yr 
40hrs/wt O/AAP/M/F/V/H 
Send resume Manager 
Armstrong Cty CareerLink, 1270 
Nortn Water Street, PO Box 759 
Kittanning, PA 16201-0759, Job 
Order No: WEB 348364 





Software Engineer - Develop. 
create, modify computer syst/ 
apps software and specialized 
utility programs. Analyze, design 
databases within application 
area. Analyze user needs 
develop software solutions using 
Relational Database Manage- 
ment System (RDBMS) and 
related software Bachelor's 
Degree or foreign equivalent 
Will accept 3 years of under- 
graduate study and 3 years 
experience as a computer 
fessional in lieu of Bachelors. 
Degree must be in one of sever 
al limited fields: CS/CA, Eng 
Chem., Math, Physics, or scien 
tific or business related field 
Must have 1 year of experience 
using one of the following 
INFORMIX, ORACLE FOX 
PRO, SYBASE, SQL SERVER 
PROGRESS. Extensive travel 
and frequent relocation required 
$65K/yr 40hrs/wk EEO/AAP. 
M/F/V/H Send resume to te 
Admin, Greene County Team PA 
CareerLink, 4 West High St 
Waynesburg, PA 15370-1324 
Job Order No: WEB 348: 


Software Engineer Yevelop 
create modify computer 
sysvapps software, specialized 
utility programs. Analyze, design 
databases within an cation 
area Analyze user needs 
develop software solutions using 
Siebei and related software 
Bachelor's egree or foreigr 
equivalent. Will accept 3 years 
f undergraduate study and 3 
years of exp 

puter »fessional 

Bachelors. Degree r 

yne of several limited fields 
CS/CA, Eng, Chem., Math 
Physics, or scientific or business 
related field Must have 
year of experience using 

CRM and 

Extensive travel and 

reloce required 
40hrs/wk EEQO/AAP/M/F 
Send resume to: McKee: 
CareerLink, ATTN: ES Manac 
345 Fifth Ave, McKeesport 


) Job Order Ni 


Engineer Deve 
sysv/apps software, speciz 
itility programs. Analyz 
Jatabases_ within 
area 


ofessiona 


Degree 


Link Prograrr 
32 lowa Street 
15401 


WEB 348394 


Applied 
Solutions Architect 


bachelor's degree 


g y 2x 
ent Server Architect, Sr 
Architect or Technical Project 
Manager; & 2 yrs exp imple 
menting full Content Server 
product suite, J2EE, IBM 
WebSphere & BEA System 
Weblogic. Email resume to 
resumes@fatwire.com, ref 
ID# ASA001. EOE M/F/D/V 


Dae baee eS 


Software Engineer - Develop 
create, modify computer syst/ 
apps software, specialized utility 
programs. Analyze design data- 
bases in application area 
Analyze user needs, develop 
software solutions using Internet 
Applications and Internet 
Software. Bachelor's Degree or 
foreign equiv. Will accept 3 
years undergraduate study and 
3 years experience as computer 
professional in lieu of Bach 
elor's. Degree must be in one of 
several fields: CS/CA, Eng 
Chem., Math, Physics, scientific 
or business related field or 
social sciences field. Must have 
one year experience using 2 of A 
and 1 of B, or 2 of Aand 1 of C 
A-ASP, HTML, CGI 

PERL, MTS, liS 

B - JAVA, JAVASCRIPT 
JAVABEANS 

C - COLDFUSION, BROADVI- 
SION, ATG DYNAMO, NET 
DYNAMICS WEBSPHERE 
FRONT PAGE 

Extensive travel, frequent relo- 
cation required $65K/yr 
40hrs/wk EEO/AAP/M/F/V/H 
Send resume to: Manager 
Butier Cty CareerLink, Pullman 
Commerce tr, 112 Hollywood 
Dr, Ste 101, Butler, PA 16001- 
5699, Job Order No: WEB 
348369 


SENIOR SYSTEMS ENGINEER 
to design, develop, test, imple- 
ment, maintain and support net- 
work management systems and 
application software for the 
telecommunications —_ industry 
using Java, C++, NetExpert 
FrameWork/Tools) XML 
CORBA Command Line 
SNMP, and TL1. Require: M.S 
degree in Computer Science, an 
Engineering discipline a 
closely related field, with two 
years of experience in the job 
offered Extensive travel on 
assignment to various client 
sites within the U.S. is required 
Competitive Salary Offered 
8:00 am to 5:00 pm, M-F. Send 
resume to: Kenneth Miles, Vice: 
President, MSI Consulting, 6151 
Powers Ferry Road, Suite 540 
Atlanta, GA 30339. Attn: Job AB 


Software Engineer Develop. 

reate modify computer 

sysVapps software, specialized 

stility programs. Analyze, design 

Jatabases within application 

area. Analyze user needs 

develop software solutions using 

JNIX and related software. Will 

Bachelor's Degree or for 

equivalent. or equivalent 

of education and 

one of seve 

CS/CA, Eng 

Math, Physics, or scien: 

or business related field 

t have 3 years experience 

y HP-UX a ‘CO-UNIX 

Extensive travel, frequent relo 

ation requ $65K/yr 

hrs/w E AAP/M/F/V/H 

1d resume t BECS. 

rLink Prograr rvisor 

4 a Cty CareerLink, 300 

ndian Springs Road, Indiana 
PA 15701, Job Order Ne 


ting company 
nge of Consulting 
ymmerce, ERP. 
technologies. We 
rediate full time open 
numerous positions 
Programmer Analyst | 
al Analyst 


vation of 


prefer 
please state 
sition) to Attn: Kimber 
E. Dieh! Road, Suite 
rville, 1L-60563, email 
kimberm@quinnox.com, Fax:630 
548-4500. www.quinnox.com 
EOE 


Programmer Analysts-Prog- 
ramming using Oracle data- 
base as back end for data 
migration. Software Engin- 
eers-Prepare report design, 
functional, program specifica- 
tions & deploy using Brio 
Enterprise Server 6.5 and 
ETL development. Min Edu- 
BS in Comp.Sc./Engg or equi 
Min Exp-2 yrs. Job may 
involve working at various 
locations throughout the US 
Please send resumes to Attn 
RR 1022 East Divide Ave 
Suite D, City of Bismarck, ND 
58501 


SOFTWARE ENGINEER to 
design and develop Web 
Services, Corba Services and 
clients applications for Order 
and Rodeo services using Java 
EJB, WebLogic, Orbix 2000, MQ 
Series, Visio, Jbuilder and 
Harvest under UNIX operating 
system. Require: M.S. degree 
in Computer Science/ Engin- 
eering, or a closely related field 
with two years of experience in 
the job offered. Extensive travel 
on assignment to various client 
sites within the U.S. is required 
Competitive salary offered 
Apply by resume to: Roz L 
Alford, Principal, ASAP Staffing 
LLC, 3885 Holcomb Bridge 
Road, Norcross, GA 30092 
Attn: Job SP. 


SENIOR SYSTEMS ANALYST 
to analyze, design, develop and 
implement ERP and EDI appli- 
cations using HTML, ASP, Visual 
Basic, SQL Plus and PL/SQL 
Create SRS; Develop test sce 
narios and scripts, and coordi- 
nate system testing; Conduct 
impact analysis of new products 
systems, upgrades and changes 
to EDI system ain users on 
all new and upgraded systems 
Require: Bachelor's degree in 
Computer Scien Business 
Administration, or a closely 
related field with 2 yrs of exp in 
the job offered. Competitive 
salary offered. Send resume to: 
Vinod Jain, India House Brass. 
Inc., 1900 Sigman Rd, Conyers 
GA 30012; Attn: Job RS 


Looking For 
Fa\ 

New Career? 
The new 
itcareers.com 
and 
CareersJournal.com 
combined 
jobs database 
can help you 


find one. 





Check us out! 
www.itcareers.com 


Computerworld 
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Petite {O8 
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HELPING 
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Search for jobs and 
post your resume on 
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said no data was lost from 
Thursday’s trading as a result 
of the blackout. “In addition, 
the Securities Industry Au- 
tomation Corp., which is our 
data processing and technolo- 
gy operations arm, is operat- 
ing at normal capacity on gen- 
erator power,” a spokeswoman 
said Thursday nighi. 

Russ Lewis, CIO at GFI 
Group Inc., said the Wall 
Street-based online brokerage 
took a “hard hit around 4:12 
p.m....and we went right into 
disaster recovery mode.” 

“All the systems did come 
down. We immediately went 
on generator backup for both 
our data center and our trad- 
ing floor,” Lewis said Friday 
morning. “Our systems all 
flipped over as well. Asia and 
London were unaffected be- 
cause the systems flipped over 
properly.” 

As a precautionary measure, 
Lewis said, he performed end- 
of-week backups Thursday 
night and sent them via the 
company’s virtual private net- 
work to London, “in case we 
weren't able to get power into 
the New York office today and 


we had to shut the office 
down.” 

Lari Sue Taylor, director of 
enterprise information securi- 
ty and recovery at FleetBoston 
Financial Cerp. in New York, 
said a 62-member crisis man- 
agement team that was creat- 
ed after 9/11 began assessing 
the situation within an hour of 
the initial blackout. 

FleetBoston, which has sev- 
eral offices in Manhattan, was 
forced to move workers to 
SunGard Data Systems Inc.’s 
facilities in Carlstadt, N.J. Tay- 
lor said the bank also had to 
transfer network operations 
for its Quick & Reilly online 
brokerage service to those fa- 
cilities. 

Diesel generators at Merrill 
Lynch & Co. in lower Manhat- 
tan revved up as the power 
went out, and computer sys- 
tems in the Manhattan and 
New Jersey data centers didn’t 
skip a beat, said spokeswoman 
Selena Morris. 

“We were obviously pre- 
pared if something like this 
happens,” Morris said. 

At Case Western Reserve 
University in Cleveland Friday 
morning, CIO Lev Gonick was 
running on two hours’ sleep 
after having worked on recov- 
ering core systems, including 


i 





TY waited to get its. power restored, IT staffers put their 
disaster recovery plans in motion. Most were able to protect valuable data. 


e-mail, course management 

systems and enterprise sys- 

tems, throughout the night. 
Power was still out Friday 


} morning, and nearly 1,000 stu- 


dents were due to move into 
the university for the new 
school year on Saturday. 
Gonick said school officials 
were “desperately concerned” 


| about losing data on returning 


students’ tuition payments 
and course information, but a 
storage-area network Gonick 
implemented after Sept. 11 
took automatic snapshots of 


| data sets as the power began 
| flickering at 4:07 p.m. EDT on 


Aug. 14. He said on Friday that 


he lost only a “fraction of a 
second” worth of data. 

“When we got hit, we got hit 
with a double surge. It was on 
the second surge that some 
backplanes and some network 
| routers got hit pretty badly. We 
also think the second surge 
may have hurt some of our 
large servers as well,” Gonick 
said. “We've got a couple of 
servers that are a bit cranky 
coming up. As soon as the sys- 
tem came up, we had to go 
back and match the last save. 
It’s not been flawless. But it’s 
been as close as I can imagine.” 

Similarly, Alan Winchester, 
| a technology attorney at Har- 








ris Beach LLP in New York, 
said all of the law firm’s finan- 
cial records are replicated in 
real time to its Rochester, N-Y., 
office, which has a generator. 

Winchester said disaster re- 
covery lessons learned after 
Sept. ll were quickly imple- 
mented at Harris Beach after 
the lights went out. 

IT staff members left the 
building with backup tapes for 
Tuesday through Friday, he 
said. “We can always restore it 
if something crazy happens to 
the building,” he noted. “We 
can also restore it if we need 
to get the information to a 
server in a part of the country 
that’s not affected.” The law 
firm has offices in several oth- 


| er locations, including Wash- 


ington and California, as well 
as connections with other law 
firms that would help if need- 
ed, Winchester said. 

FedEx Corp. said the lack of 
power at its hubs and stations 
in the blackout areas delayed 
the processing of package in- 
formation because drivers 
couldn’t download data from 
bar-code scanners into the 
FedEx network. D 
Bob Brewin, Linda Rosencrance 
and Todd R. Weiss contributed 
to this story. 
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Out of First Energy’s 4.3 
million customers, 1.5 million 
were affected by the blackout. 

Jamshidi added that the sta- 
bility of the grid is unlikely to 
improve unless industry and 
the government invest more 
time and money in developing 
advanced software that can 
serve as a real-time decision- 
support system for electric 
grid managers and operators. 

“There needs to be a more 
concentrated and cooperative 
approach at the federal level. 
Otherwise, these kinds of fail- 
ures will continue to be diffi- 
cult to predict,” he said. 





Mark Ascolese, president of 
Powerware Corp., a Raleigh, 
N.C.-based firm that manufac- 
tures power management soft- 
ware for the energy industry, 
agreed that lack of investment 
in the right technologies has 
contributed to the U.S. power 
grid’s poor state of health. 

“What’s not been invested 
in during the last 40 years is 
the infrastructure for trans- 
mission and distribution, in- 
cluding the hardware and soft- 
ware that power SCADA sys- 
tems,” he said, referring to Su- 
pervisory Control and Data 
Acquisition Systems, which 
are real-time computers used 
to manage grid capacity. 

Joe Weiss, an analyst at 
Kema Consulting in Fairfax, 


| Va., and former technical man- 
| ager of the Enterprise Infra- 





structure Security Program at 
the Electric Power Research 
Institute in Palo Alto, Calif., 


| said the situation caused by 
| the badly outdated technolo- 


gies is compounded by the 
highly interconnected nature 
of the grid, which makes such 
widespread cascading failures 


| an ever-present possibility. 


| Paper Solutions 


Weiss also acknowledged that 
much of the research and de- 
velopment work in more re- 
silient IT systems for the elec- 
tric power grid — such as the 
“intelligent grid” initiative 


| called for last year by the Na- 


tional Research Council — 


haven’t made their way into 
| operation to the extent offi- 
cials would like. 

Howard Schmidt, chief se- 
curity officer at eBay Inc. and 
former chairman of the Presi- 
dent’s Critical Infrastructure 
Protection Board, championed 
the R&D effort in security sys- 
tems capable of operating in 
the real-time environment of 
the electric grid. He said IT 
systems capable of providing 
an adequate amount of securi- 
ty and reliability for the na- 
tion’s power grid don’t yet ex- 
ist and that their development 
is one of the most pressing is- 
sues facing the homeland se- 
curity and R&D communities. 

“There’s better security at 
| some e-commerce sites than 








there is on some of our electric 


| grid systems,” said Schmidt. 


And IT security has taken 
on new meaning for the ener- 
gy industry in light of last 
week’s failure, said Schmidt 
and other industry experts. 

Jamshidi agreed with 
Schmidt’s assessment, calling 
the blackout the most realistic 
security drill possible, one 
that exposed serious weak- 
nesses in the system, includ- 
ing the threat from deliberate 
physical and cyberattacks. 
“This could have been even 
more disastrous,” said Jamshi- 
di. “Clearly, a well-informed 
attacker with information on 
the strengths and weaknesses 
of the grid could cause a much 
more damaging outage.” D 
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Better Than UCITA 


T’S FINALLY OVER. The backers of UCITA — the widely 

loathed software licensing law that would have handed soft- 

ware vendors all sorts of nasty control over software buyers 

— have given up on it. UCITA’s sponsor, the National Confer- 

ence of Commissioners on Uniform State Laws (NCCUSL), 
said this month that it will no longer push for UCITA’s adoption by 
state legislatures [QuickLink 40484]. 

UCITA’s opponents have won — but I’m not cheering. The bad 
news is that there’s nothing better than UCITA to replace it with. 
There’s still a hole in the law where UCITA was supposed to go. 

And winning isn’t the same as solving the problem. 


Yes, the Uniform Computer Information 
Transaction Act (UCITA) is a lousy law. As en- 
acted in Virginia and Maryland — the only two 
states that passed it — UCITA allows software 
vendors to change license terms at will without 
informing customers, disavow responsibility for 
bugs and even sabotage customers’ systems if 
vendors believe their licenses are being violated. 

No wonder Iowa, North Carolina, Vermont 
and West Virginia passed laws specifically pro- 
tecting their citizens from UCITA. No wonder 
the American Bar Association and The Ameri- 
can Law Institute, which work as the NCCUSL’s 
partners in creating the Uniform Commercial 
Code, both gave UCITA a thumbs down. 

At this point, UCITA’s reputation is so bad, 
and its foes are so determined, that UCITA will 
never become law in most states. And since 
that was the whole idea behind UCITA — to 
have a uniform state law for software licensing 
— UCITA now isn’t just bad, it’s useless. 

But at the heart of UCITA, there was once a 
good, useful idea: software is different from 
conventional manufactured products, and the 
laws that cover selling software 
should treat it differently from oth- 
er products. 

And even though the NCCUSL’s 
commissioners have given up on 
UCITA, that difference still needs 
addressing. We still need a law. 

Software vendors need the pro- 
tection and the consistent ground 
rules that a uniform software licens- 
ing law would give them. No, ven- 
dors shouldn’t be able to sabotage 
users’ machines. But vendors 
should have reasonable and effec- 
tive ways of dealing with software 





being used illegally. 

Software buyers need protections and ground 
rules as well. Buyers still have to depend far too 
much on the kindness of vendors when soft- 
ware doesn’t work as advertised. 

Sure, corporate [T shops can negotiate those 
things into contracts. But it’s a lot easier when 
safeguards are clearly spelled out in the law. 

That’s the problem that still remains. And the 
state law commissioners have taken the first 
step in solving it by finally pulling the plug on 
UCITA. That wasn’t easy — there was profes- 
sional pride involved, and the emotions that 
came from spending more than a decade of ef- 
fort drafting UCITA and the past four years de- 
fending it from attacks by both partners and op- 
ponents. But it was the right step to take. 

The next step will be even harder. 

Soon — not this year, maybe not next year, 
but soon — the NCCUSL will have to return to 
the subject of software licensing. 

Not to try again with UCITA. But to start 
over on a new uniform software licensing law. 

It shouldn’t take so long this time. The com- 

missioners will still have all the 
knowledge they gained working 
on UCITA, and all the feedback 
they’ve gotten since, and another 
half-decade’s perspective. 

They'll have a good chance to 
make a much better law, one that 
individual users, corporate IT 
shops and software makers can ac- 
cept, and one that law groups and 
legislatures can support. 

I hope they do. Because we need 
that better law. And when we get 
the software licensing law we need, 
we'll all win. D 
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Got Questions About 
Business Intelligence? 


Computerworld’s IT Executive Summit 


Has the Answers 


If you’re an IT executive* in an end-user organiza- 
tion, apply to attend one of Computerworld’s 
upcoming complimentary one-day summits on 
Business Intelligence. 


Neither a product nor a system, Business Intelligence 
(Bl) is an architecture — a collection of interrelated 
operational and business performance measurement 
applications and databases. 


The only way to succeed with BI applications is to 
understand their complexity, their cross-organizational 
nature, the needs of knowledge workers, your 
competition, your market, and customer trends. 


This summit will give you a comprehensive, one-day 
overview — and will arm you with the latest thinking 
and tools to make the right investments in BI. 


*Complimentary registration 
is restricted to qualified 
IT executives only. 


New York City * September 23, 2003 


Hilton New York * 1335 Avenue of the Americas 


Selected 
speakers 
include: 


Turning Information into Insight: 
The Changing Role of Business Intelligence in the Enterprise 


The User Experience: An In-Depth Case Study 

Information Evolution: The 5 Stages of Business Intelligence 
High-Impact Strategies for Delivering Business Intelligence Results 
Thriving in Times of Transition: One CIO’s Perspective 

Building Innovation into a Business Intelligence Infrastructure 


Regulated IT: Uncle Sam Wants Your Data 
Turning a Legal Eye on iT Governance 


San Francisco ¢ September 25, 2003 


The Fairmont San Francisco * 950 Mason Street (Nob Hill) 


) 


Turning Information into Insight: 
The Changing Role of Business Intelligence in the Enterprise 


The User Experience: An In-Depth Case Study 

Thriving in Times of Transition: One CiO’s Perspective 

High-Impact Strategies for Delivering Business Intelligence Results 
Information Evolution: The 5 Stages of Business Intelligence 


Building Innovation into a Business Intelligence Infrastructure 


Turning a Legal Eye on IT Governance 


Apply for registration today 


For more information or to apply, visit www.itexecutivesummit.com/bi 


Exclusively sponsored by: 


9Sas._ intel. 


COMPUTERWORLD 
IT Executive Summit 


on Business Intelligence 
www.itexecutivesummit.com/bi 
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HP. Standing at the forefront 
of the Linux revolution. 


Linux is all about open solutions. 

And so is HP. So naturally, HP has 
emerged as the worldwide leader in 
Linux solutions. By focusing on the 
key strength of Linux—open system 
environments—HP has been solving 
real business problems for more 
customers than anyone for 18 
quarters running. With HP hardware, 
software and over 4,000 Linux 
service experts ready to serve you, it’s 
Yo ra oM-< 7A MLM RAI ree 8 
And the ones you should call 

to make even your 

most business-critical 

applications 

e) easier to manage 

em lea eco 

Demand more. Demand HP for Linux. 


To see what HP and Linux can do for 


your business, try our TCO calculator 
at www.hp.com/go/demandlinux. 
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